
New variation of FBI MoneyPak Ransomware???


  • This topic is locked
22 replies to this topic

#1 LMoseley


Posted 27 January 2013 - 08:17 PM

My wife's computer is infected with the FBI MoneyPak Ransomware... classic infection, boot-up screen matches, etc. System: Dell desktop, i5 processor, Win7 Prof 64bit OS.

I tried to follow the instructions in the VirusRemoval forum, but could not. When I boot into Safe Mode, immediately after the usual "Safe Mode" screen shows, the computer immediately does an orderly shutdown-and-reboot.

So: Normal boot = MoneyPak screen. Safe mode boot = immediate reboot

I have a copy of Windows MiniPE on a Hiren's cdrom. I tried booting from this - success - and looked for the Moneypak files in the c:\ProgramData directory, but these files are not present.

What should I try next? I have no logs to post...

Thanks for any help.



#2 gringo_pr

  • Malware Response Team

Posted 27 January 2013 - 08:37 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First, press the Scan button.
  • It will make a log (FRST.txt).
  • Second, type the following in the edit box after "Search:": services.exe
  • Click the Search button.
  • It will make a log (Search.txt).

I want you to post both the FRST.txt report and the Search.txt into your reply to me.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University
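
An added example, not part of this thread and not code from FRST or its author: one way to triage the "Registry" section of an FRST.txt report like the one requested above, flagging autostart entries that deserve a closer look. The sample lines are constructed in the log's layout; the user name, value names, file names and the three rules are assumptions made for illustration.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample in the layout of FRST's "Registry" section.
# Nothing here is copied from a real machine.
SAMPLE_LOG = r'''
HKLM\...\Run: [VendorTray] "C:\Program Files\Vendor\tray.exe" [192520 2011-05-20] (Vendor Inc.)
HKLM-x32\...\Run: [] [x]
HKU\Alice\...\Run: [abcde] rundll32.exe "C:\Users\Alice\AppData\Roaming\abcde.dll",EntryPoint [154624 2013-01-27] (Some Corp)
HKU\Alice\...\Run: [Updater] "C:\Program Files (x86)\Updater\upd.exe" [237568 2008-01-28] (Some Author)
HKU\Alice\...\Winlogon: [Shell] explorer.exe,C:\Users\Alice\AppData\Roaming\example.dat [56832 2012-04-11] ()
'''


class Entry(NamedTuple):
    root: str               # hive and user, e.g. HKLM-x32 or HKU\Alice
    key: str                # Run, Winlogon, ...
    name: str               # registry value name (may be empty)
    command: str            # what gets launched, without the trailer
    size: Optional[int]     # file size from the "[size date]" trailer
    date: Optional[str]     # file date from the trailer
    company: Optional[str]  # company string from the trailer


# "<root>\...\<key>: [<value name>] <data>"
ENTRY_RE = re.compile(
    r'^(?P<root>HK.+?)\\\.\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\]\s*(?P<data>.*)$')
# Trailing "[<size> <yyyy-mm-dd>] (<company>)"
TRAILER_RE = re.compile(
    r'\s*\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]\s*\((?P<company>.*)\)\s*$')
# A path inside some user's profile AppData tree (writable without admin rights)
USER_APPDATA_RE = re.compile(r'\\Users\\[^\\]+\\AppData\\', re.IGNORECASE)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one Registry-section line; return None for anything else."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    data = m.group('data')
    t = TRAILER_RE.search(data)
    if t:
        return Entry(m.group('root'), m.group('key'), m.group('name'),
                     data[:t.start()].strip(), int(t.group('size')),
                     t.group('date'), t.group('company').strip())
    # Assumption: a bare "[x]" means the tool had no file to report.
    command = '' if data.strip() == '[x]' else data.strip()
    return Entry(m.group('root'), m.group('key'), m.group('name'),
                 command, None, None, None)


def triage(e: Entry) -> List[str]:
    """Return the reasons (possibly none) an entry should be reviewed."""
    reasons = []
    cmd = e.command.lower()
    if not e.name and not e.command:
        reasons.append('empty entry: no value name and no command')
    if 'rundll32' in cmd and USER_APPDATA_RE.search(e.command):
        reasons.append('rundll32 loads a DLL from a user profile AppData folder')
    if (e.key.lower() == 'winlogon' and e.name.lower() == 'shell'
            and cmd != 'explorer.exe'):
        reasons.append('Winlogon Shell starts more than explorer.exe')
    return reasons


def triage_log(text: str) -> List[Tuple[Entry, List[str]]]:
    """Parse every line of a log excerpt and keep only flagged entries."""
    flagged = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


if __name__ == '__main__':
    for entry, reasons in triage_log(SAMPLE_LOG):
        print(f'{entry.root}\\...\\{entry.key}: [{entry.name}] {entry.command}')
        for reason in reasons:
            print(f'    review: {reason}')
```

A flag here only marks an entry for human review; the company string in the trailer is read from the file itself and is not evidence that the file is legitimate.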

#3 LMoseley


Posted 28 January 2013 - 11:33 AM

Thanks, gringo_pr

Request completed. System Recovery entered via Windows boot disk. While entering the System Recovery section, I was told that there was a problem that could prevent Windows from booting properly, and offered to fix the problem. I said NO.

FRST64 ran with no problems.

=============

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-01-2013 02 (ATTENTION: FRST version is 7 days old)
Ran by SYSTEM at 28-01-2013 11:17:32
Running from K:\Trojan tools\Farbar Recovery Scan Tool
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [192520 2011-05-20] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe -set Silent "1" SplashURL "" [1119392 2011-05-20] (Trend Micro Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152544 2012-12-12] (Apple Inc.)
HKU\Janet\...\Run: [FreeBar] "C:\Program Files (x86)\FreeBar\FreeBar.exe" [237568 2008-01-28] (Colin Finck)
HKU\Janet\...\Run: [EazyScheduler] C:\Program Files (X86)\Eazy-Ware\ezSched.exe [436096 2008-12-23] (AJSystems.com Inc.)
HKU\Janet\...\Run: [SearchEngineProtection] C:\Program Files (x86)\Gamesbar\SearchEngineProtection.exe [591248 2011-03-03] (Oberon Media )
HKU\Janet\...\Run: [ndsnt] rundll32.exe "C:\Users\Janet\AppData\Roaming\ndsnt.dll",GetDriverInfo [154624 2013-01-27] (Syntek Corporation)
HKU\Janet\...\Run: [wmsrat] "C:\Windows\System32\rundll32.exe" "C:\Users\Janet\AppData\Roaming\wmsrat.dll",ReloadModule [590336 2013-01-27] (ALPS Electric Co., Ltd.)
HKU\Janet\...\Run: [belgi] "C:\Windows\System32\rundll32.exe" "C:\Users\Janet\AppData\Roaming\belgi.dll",GetCode [335360 2013-01-27] (Fujitsu Component Limited)
HKU\Janet\...\Winlogon: [Shell] explorer.exe,C:\Users\Janet\AppData\Roaming\skype.dat [56832 2012-04-11] ()
Tcpip\..\Interfaces\{4D0EF3A1-BC94-40CB-96A9-6318530CBBEA}: [NameServer]192.168.1.254

==================== Services (Whitelisted) ===================

2 WinVNC4; "C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service [2360048 2011-08-18] (RealVNC Ltd)
2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]

==================== Drivers (Whitelisted) =====================

2 tmactmon; C:\Windows\System32\Drivers\tmactmon.sys [90896 2011-05-21] (Trend Micro Inc.)
2 tmcomm; C:\Windows\System32\Drivers\tmcomm.sys [144656 2011-05-21] (Trend Micro Inc.)
2 tmevtmgr; C:\Windows\System32\Drivers\tmevtmgr.sys [69392 2011-05-21] (Trend Micro Inc.)
1 tmlwf; C:\Windows\System32\Drivers\tmlwf.sys [194640 2011-05-21] (Trend Micro Inc.)
1 tmtdi; C:\Windows\System32\Drivers\tmtdi.sys [105552 2011-05-21] (Trend Micro Inc.)
2 tmwfp; C:\Windows\System32\Drivers\tmwfp.sys [339536 2011-05-21] (Trend Micro Inc.)

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-01-27 21:14 - 2013-01-27 21:14 - 00000000 ____D C:\FRST
2013-01-27 16:02 - 2013-01-28 08:06 - 00000004 ____A C:\Users\Janet\AppData\Roaming\skype.ini
2013-01-27 15:59 - 2013-01-27 15:59 - 00335360 ____A (Fujitsu Component Limited) C:\Users\Janet\AppData\Roaming\belgi.dll
2013-01-27 15:58 - 2013-01-28 08:06 - 00006525 ____A C:\Users\Janet\AppData\Local\7df37bbb-d535-4b6e-b266-713d456724b0.crx
2013-01-27 15:58 - 2013-01-27 15:58 - 00590336 ____A (ALPS Electric Co., Ltd.) C:\Users\Janet\AppData\Roaming\wmsrat.dll
2013-01-27 15:57 - 2013-01-27 15:57 - 00154624 ____A (Syntek Corporation) C:\Users\Janet\AppData\Roaming\ndsnt.dll
2013-01-22 14:37 - 2013-01-22 14:37 - 00000016 ____A C:\Users\Janet\Downloads\post_redemption_surveyc6cc97dd
2013-01-16 15:16 - 2012-08-23 06:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2013-01-16 15:16 - 2012-08-23 06:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2013-01-16 15:16 - 2012-08-23 06:08 - 00030208 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbGD.sys
2013-01-16 15:16 - 2012-08-23 06:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2013-01-16 15:16 - 2012-08-23 05:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-01-16 15:16 - 2012-08-23 05:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-01-16 15:16 - 2012-08-23 05:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-01-16 15:16 - 2012-08-23 05:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-01-16 15:16 - 2012-08-23 05:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2013-01-16 15:16 - 2012-08-23 05:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2013-01-16 15:16 - 2012-08-23 05:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-01-16 15:16 - 2012-08-23 05:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2013-01-16 15:16 - 2012-08-23 05:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-01-16 15:16 - 2012-08-23 04:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-01-16 15:16 - 2012-08-23 03:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2013-01-16 15:16 - 2012-08-23 03:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-01-16 15:16 - 2012-08-23 03:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2013-01-16 15:16 - 2012-08-23 03:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-01-16 15:16 - 2012-08-23 02:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-01-16 15:16 - 2012-08-23 02:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
2013-01-16 15:16 - 2012-08-23 02:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-01-16 15:16 - 2012-08-23 02:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2013-01-16 15:16 - 2012-08-23 01:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2013-01-16 15:16 - 2012-08-23 00:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-01-16 15:16 - 2012-08-23 00:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-01-16 15:15 - 2012-08-24 10:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-01-16 15:15 - 2012-08-24 10:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-01-16 15:15 - 2012-08-24 10:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-01-16 15:15 - 2012-08-24 10:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-01-16 15:15 - 2012-08-24 08:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-01-16 15:15 - 2012-08-24 08:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-01-16 15:15 - 2012-08-24 08:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-01-09 14:44 - 2012-12-07 05:20 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\Wpc.dll
2013-01-09 14:44 - 2012-12-07 05:15 - 02746368 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll
2013-01-09 14:44 - 2012-12-07 04:26 - 00308736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2013-01-09 14:44 - 2012-12-07 04:20 - 02576384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-01-09 14:44 - 2012-12-07 03:20 - 00045568 ____A (Microsoft) C:\Windows\System32\oflc-nz.rs
2013-01-09 14:44 - 2012-12-07 03:20 - 00044544 ____A (Microsoft) C:\Windows\System32\pegibbfc.rs
2013-01-09 14:44 - 2012-12-07 03:20 - 00043520 ____A (Microsoft) C:\Windows\System32\csrr.rs
2013-01-09 14:44 - 2012-12-07 03:20 - 00030720 ____A (Microsoft) C:\Windows\System32\usk.rs
2013-01-09 14:44 - 2012-12-07 03:20 - 00023552 ____A (Microsoft) C:\Windows\System32\oflc.rs
2013-01-09 14:44 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-pt.rs
2013-01-09 14:44 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-fi.rs
2013-01-09 14:44 - 2012-12-07 03:19 - 00055296 ____A (Microsoft) C:\Windows\System32\cero.rs
2013-01-09 14:44 - 2012-12-07 03:19 - 00051712 ____A (Microsoft) C:\Windows\System32\esrb.rs
2013-01-09 14:44 - 2012-12-07 03:19 - 00046592 ____A (Microsoft) C:\Windows\System32\fpb.rs
2013-01-09 14:44 - 2012-12-07 03:19 - 00040960 ____A (Microsoft) C:\Windows\System32\cob-au.rs
2013-01-09 14:44 - 2012-12-07 03:19 - 00021504 ____A (Microsoft) C:\Windows\System32\grb.rs
2013-01-09 14:44 - 2012-12-07 03:19 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi.rs
2013-01-09 14:44 - 2012-12-07 03:19 - 00015360 ____A (Microsoft) C:\Windows\System32\djctq.rs
2013-01-09 14:44 - 2012-12-07 02:46 - 00055296 ____A (Microsoft) C:\Windows\SysWOW64\cero.rs
2013-01-09 14:44 - 2012-12-07 02:46 - 00051712 ____A (Microsoft) C:\Windows\SysWOW64\esrb.rs
2013-01-09 14:44 - 2012-12-07 02:46 - 00046592 ____A (Microsoft) C:\Windows\SysWOW64\fpb.rs
2013-01-09 14:44 - 2012-12-07 02:46 - 00045568 ____A (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2013-01-09 14:44 - 2012-12-07 02:46 - 00044544 ____A (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2013-01-09 14:44 - 2012-12-07 02:46 - 00043520 ____A (Microsoft) C:\Windows\SysWOW64\csrr.rs
2013-01-09 14:44 - 2012-12-07 02:46 - 00040960 ____A (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2013-01-09 14:44 - 2012-12-07 02:46 - 00030720 ____A (Microsoft) C:\Windows\SysWOW64\usk.rs
2013-01-09 14:44 - 2012-12-07 02:46 - 00023552 ____A (Microsoft) C:\Windows\SysWOW64\oflc.rs
2013-01-09 14:44 - 2012-12-07 02:46 - 00021504 ____A (Microsoft) C:\Windows\SysWOW64\grb.rs
2013-01-09 14:44 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2013-01-09 14:44 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2013-01-09 14:44 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi.rs
2013-01-09 14:44 - 2012-12-07 02:46 - 00015360 ____A (Microsoft) C:\Windows\SysWOW64\djctq.rs
2013-01-09 14:44 - 2012-11-21 21:44 - 00800768 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll
2013-01-09 14:44 - 2012-11-21 20:45 - 00626688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-01-09 14:44 - 2012-11-19 21:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-01-09 14:44 - 2012-11-19 20:51 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-01-09 14:44 - 2012-11-08 21:45 - 00750592 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-01-09 14:44 - 2012-11-08 20:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-01-09 14:44 - 2012-10-31 21:43 - 02002432 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-01-09 14:44 - 2012-10-31 21:43 - 01882624 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2013-01-09 14:44 - 2012-10-31 20:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-01-09 14:44 - 2012-10-31 20:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-01-09 14:43 - 2012-11-29 21:45 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-01-09 14:43 - 2012-11-29 21:45 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-01-09 14:43 - 2012-11-29 21:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-01-09 14:43 - 2012-11-29 21:45 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-01-09 14:43 - 2012-11-29 21:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-01-09 14:43 - 2012-11-29 21:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-01-09 14:43 - 2012-11-29 21:41 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-01-09 14:43 - 2012-11-29 21:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 21:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 20:54 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-01-09 14:43 - 2012-11-29 20:53 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-01-09 14:43 - 2012-11-29 20:53 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-01-09 14:43 - 2012-11-29 20:45 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 20:45 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 19:23 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-01-09 14:43 - 2012-11-29 18:44 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-01-09 14:43 - 2012-11-29 18:44 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-01-09 14:43 - 2012-11-29 18:44 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-01-09 14:43 - 2012-11-29 18:44 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-01-09 14:43 - 2012-11-29 18:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 18:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-01-09 14:43 - 2012-11-29 15:17 - 00420064 ____A C:\Windows\SysWOW64\locale.nls
2013-01-09 14:43 - 2012-11-29 15:15 - 00420064 ____A C:\Windows\System32\locale.nls
2013-01-09 14:43 - 2012-11-22 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-01-09 14:43 - 2012-11-22 19:13 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe


==================== One Month Modified Files and Folders =======

2013-01-28 08:06 - 2013-01-27 16:02 - 00000004 ____A C:\Users\Janet\AppData\Roaming\skype.ini
2013-01-28 08:06 - 2013-01-27 15:58 - 00006525 ____A C:\Users\Janet\AppData\Local\7df37bbb-d535-4b6e-b266-713d456724b0.crx
2013-01-28 08:06 - 2012-04-11 16:11 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-01-28 08:05 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-01-28 08:05 - 2009-07-13 20:51 - 00053297 ____A C:\Windows\setupact.log
2013-01-27 21:31 - 2012-04-11 16:31 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-01-27 21:31 - 2012-04-11 16:31 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-01-27 21:15 - 2009-07-13 21:13 - 00794642 ____A C:\Windows\System32\PerfStringBackup.INI
2013-01-27 21:14 - 2013-01-27 21:14 - 00000000 ____D C:\FRST
2013-01-27 16:05 - 2010-11-20 19:47 - 00495696 ____A C:\Windows\PFRO.log
2013-01-27 15:59 - 2013-01-27 15:59 - 00335360 ____A (Fujitsu Component Limited) C:\Users\Janet\AppData\Roaming\belgi.dll
2013-01-27 15:58 - 2013-01-27 15:58 - 00590336 ____A (ALPS Electric Co., Ltd.) C:\Users\Janet\AppData\Roaming\wmsrat.dll
2013-01-27 15:57 - 2013-01-27 15:57 - 00154624 ____A (Syntek Corporation) C:\Users\Janet\AppData\Roaming\ndsnt.dll
2013-01-27 15:34 - 2012-04-11 15:59 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-01-27 12:09 - 2009-07-13 20:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-01-27 12:09 - 2009-07-13 20:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-01-27 12:04 - 2012-04-11 17:51 - 01076109 ____A C:\Windows\WindowsUpdate.log
2013-01-22 14:37 - 2013-01-22 14:37 - 00000016 ____A C:\Users\Janet\Downloads\post_redemption_surveyc6cc97dd
2013-01-16 19:17 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-01-16 17:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-01-16 15:17 - 2012-04-11 17:50 - 00000000 ____D C:\Program Files (x86)\Intel
2013-01-10 15:20 - 2009-07-13 20:45 - 00464288 ____A C:\Windows\System32\FNTCACHE.DAT
2013-01-10 15:04 - 2012-04-26 09:44 - 00000000 ____D C:\Users\All Users\Microsoft Help
2013-01-10 15:03 - 2011-02-10 06:33 - 00790620 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-01-10 14:58 - 2012-04-26 06:24 - 67599240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-01-08 16:34 - 2012-04-11 15:59 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-01-08 16:34 - 2012-04-11 15:59 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-12-30 14:21 - 2012-04-26 09:44 - 00000000 ____D C:\Users\Janet\AppData\Local\Microsoft Help

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2814388528-3976898639-2671193800-1000\$7dfaa213426a315eda505d07d3f018d2

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 4008.63 MB
Available physical RAM: 3236.79 MB
Total Pagefile: 4006.83 MB
Available Pagefile: 3223.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (C-DRIVE) (Fixed) (Total:100.59 GB) (Free:64.89 GB) NTFS
2 Drive d: (D-DRIVE) (Fixed) (Total:342.44 GB) (Free:312.4 GB) NTFS
3 Drive f: (W7SP1_PROFESSIONAL) (CDROM) (Total:5.23 GB) (Free:0 GB) UDF
8 Drive k: (RED SANDISK) (Removable) (Total:1.86 GB) (Free:1.67 GB) FAT
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
10 Drive y: (RECOVERY) (Fixed) (Total:22.69 GB) (Free:16.29 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 1024 KB
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 1908 MB 0 B

Partitions of Disk 0:
===============

Disk ID: A9E6FE2C

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 22 GB 40 MB
Partition 3 Primary 100 GB 22 GB
Partition 0 Extended 342 GB 123 GB
Partition 4 Logical 342 GB 123 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 9 FAT Partition 39 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y RECOVERY NTFS Partition 22 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C C-DRIVE NTFS Partition 100 GB Healthy

=========================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D D-DRIVE NTFS Partition 342 GB Healthy

=========================================================

Partitions of Disk 5:
===============

Disk ID: 00000000

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1907 MB 64 KB

==================================================================================

Disk: 5
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 K RED SANDISK FAT Removable 1907 MB Healthy

=========================================================

Last Boot: 2013-01-24 17:56

==================== End Of Log =============================

Search.txt:

Farbar Recovery Scan Tool (x64) Version: 21-01-2013 02
Ran by SYSTEM at 2013-01-28 11:18:45
Running from K:\Trojan tools\Farbar Recovery Scan Tool

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

#4 gringo_pr

Posted 28 January 2013 - 09:36 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

HKU\Janet\...\Run: [ndsnt] rundll32.exe "C:\Users\Janet\AppData\Roaming\ndsnt.dll",GetDriverInfo [154624 2013-01-27] (Syntek Corporation)
HKU\Janet\...\Run: [wmsrat] "C:\Windows\System32\rundll32.exe" "C:\Users\Janet\AppData\Roaming\wmsrat.dll",ReloadModule [590336 2013-01-27] (ALPS Electric Co., Ltd.)
HKU\Janet\...\Run: [belgi] "C:\Windows\System32\rundll32.exe" "C:\Users\Janet\AppData\Roaming\belgi.dll",GetCode [335360 2013-01-27] (Fujitsu Component Limited)
HKU\Janet\...\Winlogon: [Shell] explorer.exe,C:\Users\Janet\AppData\Roaming\skype.dat [56832 2012-04-11] ()
C:\Users\Janet\AppData\Roaming\skype.ini
C:\Users\Janet\AppData\Roaming\belgi.dll
C:\Users\Janet\AppData\Roaming\ndsnt.dll
C:\Users\Janet\AppData\Roaming\wmsrat.dll
C:\Users\Janet\AppData\Roaming\skype.dat
C:\$Recycle.Bin\S-1-5-21-2814388528-3976898639-2671193800-1000\$7dfaa213426a315eda505d07d3f018d2


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST again like we did before but this time press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Also boot the computer into normal mode and let me know how things are looking.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 LMoseley

Posted 29 January 2013 - 12:02 AM

Completed successfully.

As I entered the Repair options, there was a popup again to the effect "Windows found problems with your computer's start-up options. Do you want to apply repairs and restart?" I again said NO.

FRST-64 ran successfully. Log contents:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-01-2013 02
Ran by SYSTEM at 2013-01-28 23:49:38 Run:1
Running from K:\Trojan tools\Farbar Recovery Scan Tool

==============================================

HKEY_USERS\Janet\Software\Microsoft\Windows\CurrentVersion\Run\\ndsnt Value deleted successfully.
HKEY_USERS\Janet\Software\Microsoft\Windows\CurrentVersion\Run\\wmsrat Value deleted successfully.
HKEY_USERS\Janet\Software\Microsoft\Windows\CurrentVersion\Run\\belgi Value deleted successfully.
HKEY_USERS\Janet\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value deleted successfully.
C:\Users\Janet\AppData\Roaming\skype.ini moved successfully.
C:\Users\Janet\AppData\Roaming\belgi.dll moved successfully.
C:\Users\Janet\AppData\Roaming\ndsnt.dll moved successfully.
C:\Users\Janet\AppData\Roaming\wmsrat.dll moved successfully.
C:\Users\Janet\AppData\Roaming\skype.dat moved successfully.
C:\$Recycle.Bin\S-1-5-21-2814388528-3976898639-2671193800-1000\$7dfaa213426a315eda505d07d3f018d2 moved successfully.

==== End of Fixlog ====

After doing that, the computer booted normally and seems to be working normally.

#6 gringo_pr

Posted 29 January 2013 - 03:13 AM

Hello


These are the programs I would like you to run next. If you have any problems with one of these, just skip it and run the next one.


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.

Gringo

#7 LMoseley

Posted 29 January 2013 - 09:28 AM

AdwCleaner ran OK. Log:

# AdwCleaner v2.109 - Logfile created 01/29/2013 at 09:19:12
# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Janet - VOSTRO260
# Boot Mode : Normal
# Running from : D:\Junk\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\GamesBar
Folder Deleted : C:\ProgramData\GamesBar
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamesBar

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}
Key Deleted : HKLM\Software\GamesBarSetup
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1A93C934-025B-4C3A-B38E-9654A7003239}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{6F282B65-56BF-4BD1-A8B2-A4449A05863D}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [1262 octets] - [29/01/2013 09:19:12]

########## EOF - C:\AdwCleaner[S1].txt - [1322 octets] ##########



RogueKiller would not run. Started via right-click, run as admin. Prescan completed. Within a second or two of clicking SCAN, a Windows box came up saying "This program has stopped working."




#8 gringo_pr

Posted 29 January 2013 - 12:16 PM

Greetings

I want you to run these next.

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 LMoseley

Posted 29 January 2013 - 05:57 PM

TDSSKiller ran as described, except that the scan took about 30 minutes rather than 2 minutes. LOG:


15:40:44.0363 2800 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:40:44.0643 2800 ============================================================
15:40:44.0643 2800 Current date / time: 2013/01/29 15:40:44.0643
15:40:44.0643 2800 SystemInfo:
15:40:44.0643 2800
15:40:44.0643 2800 OS Version: 6.1.7601 ServicePack: 1.0
15:40:44.0643 2800 Product type: Workstation
15:40:44.0643 2800 ComputerName: VOSTRO260
15:40:44.0643 2800 UserName: Janet
15:40:44.0643 2800 Windows directory: C:\Windows
15:40:44.0643 2800 System windows directory: C:\Windows
15:40:44.0643 2800 Running under WOW64
15:40:44.0643 2800 Processor architecture: Intel x64
15:40:44.0643 2800 Number of processors: 4
15:40:44.0643 2800 Page size: 0x1000
15:40:44.0643 2800 Boot type: Normal boot
15:40:44.0643 2800 ============================================================
15:40:46.0531 2800 BG loaded
15:40:46.0947 2800 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:40:46.0967 2800 ============================================================
15:40:46.0967 2800 \Device\Harddisk0\DR0:
15:40:46.0977 2800 MBR partitions:
15:40:46.0977 2800 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x2D60000
15:40:46.0977 2800 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2D74000, BlocksNum 0xC92E462
15:40:46.0997 2800 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xF6A3000, BlocksNum 0x2ACE2800
15:40:46.0997 2800 ============================================================
15:40:47.0077 2800 C: <-> \Device\Harddisk0\DR0\Partition2
15:40:47.0107 2800 D: <-> \Device\Harddisk0\DR0\Partition3
15:40:47.0107 2800 ============================================================
15:40:47.0107 2800 Initialize success
15:40:47.0107 2800 ============================================================
15:41:55.0849 4768 ============================================================
15:41:55.0849 4768 Scan started
15:41:55.0849 4768 Mode: Manual; SigCheck; TDLFS;
15:41:55.0849 4768 ============================================================
15:42:07.0720 4768 ================ Scan system memory ========================
15:42:07.0720 4768 System memory - ok
15:42:07.0720 4768 ================ Scan services =============================
15:48:57.0112 4768 [ 2050309BAB03DFCEE455DBF913BF91B1 ] DellDigitalDelivery c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
15:48:57.0143 4768 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - warning
15:48:57.0143 4768 DellDigitalDelivery - detected UnsignedFile.Multi.Generic (1)
15:48:59.0670 4768 HomeGroupProvider - ok
15:48:59.0686 4768 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
15:48:59.0701 4768 HpSAMD - ok
15:48:59.0732 4768 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:48:59.0779 4768 HTTP - ok
15:48:59.0795 4768 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
15:48:59.0810 4768 hwpolicy - ok
15:48:59.0826 4768 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
15:48:59.0857 4768 i8042prt - ok
15:48:59.0873 4768 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
15:48:59.0904 4768 iaStorV - ok
15:48:59.0935 4768 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:48:59.0966 4768 idsvc - ok
15:49:00.0076 4768 [ A1CF07D24EDCDC6870535471654D957C ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
15:49:00.0138 4768 igfx - ok
15:49:00.0154 4768 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
15:49:00.0169 4768 iirsp - ok
15:49:00.0200 4768 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
15:49:00.0247 4768 IKEEXT - ok
15:49:00.0278 4768 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
15:49:00.0310 4768 IntcDAud - ok
15:49:00.0310 4768 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
15:49:00.0325 4768 intelide - ok
15:49:00.0341 4768 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
15:49:00.0356 4768 intelppm - ok
15:49:00.0388 4768 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:49:00.0450 4768 IPBusEnum - ok
15:49:00.0466 4768 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:49:00.0481 4768 IpFilterDriver - ok
15:49:00.0528 4768 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:49:00.0590 4768 iphlpsvc - ok
15:49:00.0606 4768 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
15:49:00.0637 4768 IPMIDRV - ok
15:49:00.0637 4768 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
15:49:00.0684 4768 IPNAT - ok
15:49:00.0731 4768 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
15:49:00.0746 4768 iPod Service - ok
15:49:00.0778 4768 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:49:00.0793 4768 IRENUM - ok
15:49:00.0809 4768 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:49:00.0809 4768 isapnp - ok
15:49:00.0824 4768 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
15:49:00.0840 4768 iScsiPrt - ok
15:49:00.0856 4768 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
15:49:00.0871 4768 kbdclass - ok
15:49:00.0887 4768 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
15:49:00.0918 4768 kbdhid - ok
15:49:00.0918 4768 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
15:49:00.0934 4768 KeyIso - ok
15:49:00.0949 4768 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:49:00.0965 4768 KSecDD - ok
15:49:00.0980 4768 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
15:49:00.0996 4768 KSecPkg - ok
15:49:01.0012 4768 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
15:49:01.0043 4768 ksthunk - ok
15:49:01.0074 4768 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
15:49:01.0121 4768 KtmRm - ok
15:49:01.0152 4768 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
15:49:01.0214 4768 LanmanServer - ok
15:49:01.0230 4768 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:49:01.0261 4768 LanmanWorkstation - ok
15:49:01.0292 4768 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:49:01.0324 4768 lltdio - ok
15:49:01.0355 4768 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:49:01.0417 4768 lltdsvc - ok
15:49:01.0433 4768 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:49:01.0464 4768 lmhosts - ok
15:49:01.0480 4768 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
15:49:01.0495 4768 LSI_FC - ok
15:49:01.0495 4768 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
15:49:01.0511 4768 LSI_SAS - ok
15:49:01.0526 4768 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
15:49:01.0542 4768 LSI_SAS2 - ok
15:49:01.0542 4768 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
15:49:01.0558 4768 LSI_SCSI - ok
15:49:01.0558 4768 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
15:49:01.0604 4768 luafv - ok
15:49:01.0620 4768 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:49:01.0651 4768 Mcx2Svc - ok
15:49:01.0651 4768 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
15:49:01.0667 4768 megasas - ok
15:49:01.0682 4768 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
15:49:01.0682 4768 MegaSR - ok
15:49:01.0714 4768 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
15:49:01.0714 4768 MEIx64 - ok
15:49:01.0760 4768 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
15:49:01.0792 4768 Microsoft Office Groove Audit Service - ok
15:49:01.0807 4768 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
15:49:01.0870 4768 MMCSS - ok
15:49:01.0870 4768 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
15:49:01.0901 4768 Modem - ok
15:49:01.0916 4768 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:49:01.0948 4768 monitor - ok
15:49:01.0963 4768 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:49:01.0979 4768 mouclass - ok
15:49:01.0994 4768 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:49:02.0010 4768 mouhid - ok
15:49:02.0026 4768 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:49:02.0041 4768 mountmgr - ok
15:49:02.0057 4768 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
15:49:02.0088 4768 mpio - ok
15:49:02.0104 4768 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:49:02.0150 4768 mpsdrv - ok
15:49:02.0197 4768 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
15:49:02.0244 4768 MpsSvc - ok
15:49:02.0260 4768 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:49:02.0275 4768 MRxDAV - ok
15:49:02.0291 4768 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:49:02.0322 4768 mrxsmb - ok
15:49:02.0338 4768 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:49:02.0353 4768 mrxsmb10 - ok
15:49:02.0369 4768 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:49:02.0369 4768 mrxsmb20 - ok
15:49:02.0384 4768 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
15:49:02.0400 4768 msahci - ok
15:49:02.0416 4768 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:49:02.0447 4768 msdsm - ok
15:49:02.0462 4768 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
15:49:02.0494 4768 MSDTC - ok
15:49:02.0509 4768 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:49:02.0540 4768 Msfs - ok
15:49:02.0556 4768 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:49:02.0603 4768 mshidkmdf - ok
15:49:02.0634 4768 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:49:02.0634 4768 msisadrv - ok
15:49:02.0650 4768 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:49:02.0712 4768 MSiSCSI - ok
15:49:02.0712 4768 msiserver - ok
15:49:02.0728 4768 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:49:02.0774 4768 MSKSSRV - ok
15:49:02.0790 4768 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:49:02.0837 4768 MSPCLOCK - ok
15:49:02.0837 4768 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:49:02.0868 4768 MSPQM - ok
15:49:02.0884 4768 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:49:02.0884 4768 MsRPC - ok
15:49:02.0899 4768 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
15:49:02.0899 4768 mssmbios - ok
15:49:02.0915 4768 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:49:02.0946 4768 MSTEE - ok
15:49:02.0946 4768 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
15:49:02.0962 4768 MTConfig - ok
15:49:02.0977 4768 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
15:49:02.0977 4768 Mup - ok
15:49:02.0993 4768 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
15:49:03.0055 4768 napagent - ok
15:49:03.0086 4768 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:49:03.0102 4768 NativeWifiP - ok
15:49:03.0133 4768 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
15:49:03.0149 4768 NDIS - ok
15:49:03.0164 4768 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:49:03.0180 4768 NdisCap - ok
15:49:03.0196 4768 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:49:03.0242 4768 NdisTapi - ok
15:49:03.0242 4768 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:49:03.0274 4768 Ndisuio - ok
15:49:03.0274 4768 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:49:03.0320 4768 NdisWan - ok
15:49:03.0320 4768 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:49:03.0352 4768 NDProxy - ok
15:49:03.0367 4768 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:49:03.0398 4768 NetBIOS - ok
15:49:03.0414 4768 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:49:03.0445 4768 NetBT - ok
15:49:03.0445 4768 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
15:49:03.0461 4768 Netlogon - ok
15:49:03.0492 4768 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
15:49:03.0554 4768 Netman - ok
15:49:03.0570 4768 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:49:03.0586 4768 NetMsmqActivator - ok
15:49:03.0601 4768 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:49:03.0601 4768 NetPipeActivator - ok
15:49:03.0617 4768 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
15:49:03.0664 4768 netprofm - ok
15:49:03.0664 4768 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:49:03.0664 4768 NetTcpActivator - ok
15:49:03.0664 4768 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:49:03.0679 4768 NetTcpPortSharing - ok
15:49:03.0710 4768 [ 73CE12B8BDD747B0063CB0A7EF44CEA7 ] netvsc C:\Windows\system32\DRIVERS\netvsc60.sys
15:49:03.0742 4768 netvsc - ok
15:49:03.0757 4768 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
15:49:03.0773 4768 nfrd960 - ok
15:49:03.0788 4768 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:49:03.0820 4768 NlaSvc - ok
15:49:03.0882 4768 [ B9B72FAAAA41D59B73B88FE3DD737ED1 ] NOBU C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
15:49:03.0929 4768 NOBU - ok
15:49:03.0944 4768 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:49:03.0976 4768 Npfs - ok
15:49:03.0991 4768 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
15:49:04.0054 4768 nsi - ok
15:49:04.0054 4768 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:49:04.0100 4768 nsiproxy - ok
15:49:04.0132 4768 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:49:04.0194 4768 Ntfs - ok
15:49:04.0210 4768 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
15:49:04.0241 4768 Null - ok
15:49:04.0256 4768 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:49:04.0272 4768 nvraid - ok
15:49:04.0303 4768 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:49:04.0334 4768 nvstor - ok
15:49:04.0350 4768 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:49:04.0381 4768 nv_agp - ok
15:49:04.0444 4768 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:49:04.0459 4768 odserv - ok
15:49:04.0490 4768 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
15:49:04.0506 4768 ohci1394 - ok
15:49:04.0553 4768 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:49:04.0584 4768 ose - ok
15:49:04.0615 4768 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
15:49:04.0662 4768 p2pimsvc - ok
15:49:04.0678 4768 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
15:49:04.0724 4768 p2psvc - ok
15:49:04.0724 4768 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
15:49:04.0756 4768 Parport - ok
15:49:04.0771 4768 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:49:04.0802 4768 partmgr - ok
15:49:04.0818 4768 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
15:49:04.0865 4768 PcaSvc - ok
15:49:04.0896 4768 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
15:49:04.0927 4768 pci - ok
15:49:04.0943 4768 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
15:49:04.0974 4768 pciide - ok
15:49:04.0974 4768 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
15:49:05.0021 4768 pcmcia - ok
15:49:05.0021 4768 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
15:49:05.0052 4768 pcw - ok
15:49:05.0068 4768 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:49:05.0114 4768 PEAUTH - ok
15:49:05.0146 4768 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
15:49:05.0224 4768 PeerDistSvc - ok
15:49:05.0255 4768 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
15:49:05.0286 4768 PerfHost - ok
15:49:05.0333 4768 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
15:49:05.0426 4768 pla - ok
15:49:05.0458 4768 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:49:05.0504 4768 PlugPlay - ok
15:49:05.0520 4768 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
15:49:05.0551 4768 PNRPAutoReg - ok
15:49:05.0567 4768 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
15:49:05.0598 4768 PNRPsvc - ok
15:49:05.0614 4768 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:49:05.0676 4768 PolicyAgent - ok
15:49:05.0692 4768 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\Windows\system32\umpo.dll
15:49:05.0738 4768 Power - ok
15:49:05.0770 4768 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:49:05.0832 4768 PptpMiniport - ok
15:49:05.0848 4768 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
15:49:05.0863 4768 Processor - ok
15:49:05.0894 4768 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
15:49:05.0941 4768 ProfSvc - ok
15:49:05.0941 4768 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:49:05.0957 4768 ProtectedStorage - ok
15:49:05.0988 4768 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
15:49:06.0035 4768 Psched - ok
15:49:06.0050 4768 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
15:49:06.0066 4768 PxHlpa64 - ok
15:49:06.0113 4768 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
15:49:06.0175 4768 ql2300 - ok
15:49:06.0175 4768 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
15:49:06.0191 4768 ql40xx - ok
15:49:06.0222 4768 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
15:49:06.0238 4768 QWAVE - ok
15:49:06.0253 4768 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:49:06.0284 4768 QWAVEdrv - ok
15:49:06.0284 4768 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:49:06.0316 4768 RasAcd - ok
15:49:06.0331 4768 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
15:49:06.0378 4768 RasAgileVpn - ok
15:49:06.0394 4768 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
15:49:06.0440 4768 RasAuto - ok
15:49:06.0456 4768 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:49:06.0518 4768 Rasl2tp - ok
15:49:06.0550 4768 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
15:49:06.0612 4768 RasMan - ok
15:49:06.0628 4768 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:49:06.0659 4768 RasPppoe - ok
15:49:06.0674 4768 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:49:06.0721 4768 RasSstp - ok
15:49:06.0752 4768 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:49:06.0784 4768 rdbss - ok
15:49:06.0815 4768 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
15:49:06.0830 4768 rdpbus - ok
15:49:06.0846 4768 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:49:06.0908 4768 RDPCDD - ok
15:49:06.0924 4768 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
15:49:06.0971 4768 RDPDR - ok
15:49:06.0986 4768 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:49:07.0033 4768 RDPENCDD - ok
15:49:07.0033 4768 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
15:49:07.0064 4768 RDPREFMP - ok
15:49:07.0111 4768 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
15:49:07.0158 4768 RdpVideoMiniport - ok
15:49:07.0189 4768 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:49:07.0236 4768 RDPWD - ok
15:49:07.0267 4768 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:49:07.0298 4768 rdyboost - ok
15:49:07.0314 4768 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:49:07.0376 4768 RemoteAccess - ok
15:49:07.0408 4768 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:49:07.0454 4768 RemoteRegistry - ok
15:49:07.0517 4768 [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
15:49:07.0595 4768 RoxMediaDB12OEM - ok
15:49:07.0626 4768 [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
15:49:07.0657 4768 RoxWatch12 - ok
15:49:07.0673 4768 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
15:49:07.0720 4768 RpcEptMapper - ok
15:49:07.0735 4768 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
15:49:07.0751 4768 RpcLocator - ok
15:49:07.0766 4768 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
15:49:07.0798 4768 RpcSs - ok
15:49:07.0813 4768 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:49:07.0860 4768 rspndr - ok
15:49:07.0876 4768 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
15:49:07.0891 4768 RTL8167 - ok
15:49:07.0922 4768 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
15:49:07.0938 4768 s3cap - ok
15:49:07.0954 4768 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
15:49:07.0969 4768 SamSs - ok
15:49:07.0985 4768 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:49:08.0000 4768 sbp2port - ok
15:49:08.0016 4768 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:49:08.0078 4768 SCardSvr - ok
15:49:08.0094 4768 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
15:49:08.0141 4768 scfilter - ok
15:49:08.0156 4768 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
15:49:08.0219 4768 Schedule - ok
15:49:08.0234 4768 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
15:49:08.0250 4768 SCPolicySvc - ok
15:49:08.0266 4768 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:49:08.0281 4768 SDRSVC - ok
15:49:08.0312 4768 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:49:08.0375 4768 secdrv - ok
15:49:08.0390 4768 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
15:49:08.0406 4768 seclogon - ok
15:49:08.0422 4768 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
15:49:08.0453 4768 SENS - ok
15:49:08.0468 4768 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:49:08.0500 4768 SensrSvc - ok
15:49:08.0515 4768 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
15:49:08.0546 4768 Serenum - ok
15:49:08.0578 4768 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
15:49:08.0609 4768 Serial - ok
15:49:08.0640 4768 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
15:49:08.0671 4768 sermouse - ok
15:49:08.0687 4768 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
15:49:08.0765 4768 SessionEnv - ok
15:49:08.0765 4768 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:49:08.0780 4768 sffdisk - ok
15:49:08.0796 4768 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:49:08.0812 4768 sffp_mmc - ok
15:49:08.0812 4768 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:49:08.0843 4768 sffp_sd - ok
15:49:08.0843 4768 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
15:49:08.0858 4768 sfloppy - ok
15:49:08.0905 4768 [ 4215C271D6E6898C3F4DABAB4F387DC9 ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
15:49:08.0921 4768 SftService - ok
15:49:08.0952 4768 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:49:08.0983 4768 SharedAccess - ok
15:49:09.0014 4768 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:49:09.0046 4768 ShellHWDetection - ok
15:49:09.0061 4768 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
15:49:09.0077 4768 SiSRaid2 - ok
15:49:09.0077 4768 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
15:49:09.0092 4768 SiSRaid4 - ok
15:49:09.0124 4768 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:49:09.0186 4768 Smb - ok
15:49:09.0202 4768 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:49:09.0233 4768 SNMPTRAP - ok
15:49:09.0248 4768 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
15:49:09.0264 4768 spldr - ok
15:49:09.0295 4768 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
15:49:09.0342 4768 Spooler - ok
15:49:09.0389 4768 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
15:49:09.0451 4768 sppsvc - ok
15:49:09.0467 4768 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:49:09.0498 4768 sppuinotify - ok
15:49:09.0529 4768 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
15:49:09.0560 4768 srv - ok
15:49:09.0576 4768 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:49:09.0623 4768 srv2 - ok
15:49:09.0623 4768 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:49:09.0654 4768 srvnet - ok
15:49:09.0685 4768 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:49:09.0748 4768 SSDPSRV - ok
15:49:09.0763 4768 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:49:09.0794 4768 SstpSvc - ok
15:49:09.0810 4768 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
15:49:09.0841 4768 stexstor - ok
15:49:09.0857 4768 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
15:49:09.0888 4768 stisvc - ok
15:49:09.0919 4768 [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
15:49:09.0966 4768 stllssvr - ok
15:49:09.0982 4768 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
15:49:10.0013 4768 StorSvc - ok
15:49:10.0028 4768 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
15:49:10.0060 4768 storvsc - ok
15:49:10.0060 4768 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
15:49:10.0091 4768 swenum - ok
15:49:10.0106 4768 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
15:49:10.0184 4768 swprv - ok
15:49:10.0184 4768 [ 4CDD7DF58730D23BA9CB5829A6E2ECEA ] SynthVid C:\Windows\system32\DRIVERS\VMBusVideoM.sys
15:49:10.0200 4768 SynthVid - ok
15:49:10.0247 4768 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
15:49:10.0309 4768 SysMain - ok
15:49:10.0325 4768 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:49:10.0340 4768 TabletInputService - ok
15:49:10.0356 4768 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
15:49:10.0403 4768 TapiSrv - ok
15:49:10.0403 4768 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
15:49:10.0434 4768 TBS - ok
15:49:10.0481 4768 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:49:10.0574 4768 Tcpip - ok
15:49:16.0097 4768 ================ Scan global ===============================
15:49:16.0128 4768 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:49:16.0144 4768 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
15:49:16.0159 4768 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
15:49:16.0190 4768 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:49:16.0206 4768 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:49:16.0237 4768 [Global] - ok
15:49:16.0237 4768 ================ Scan MBR ==================================
15:49:16.0237 4768 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
15:49:16.0471 4768 \Device\Harddisk0\DR0 - ok
15:49:16.0487 4768 ================ Scan VBR ==================================
15:49:16.0487 4768 [ E54268B1E50FA8F8AAE1FEC95838D39B ] \Device\Harddisk0\DR0\Partition1
15:49:16.0487 4768 \Device\Harddisk0\DR0\Partition1 - ok
15:49:16.0502 4768 [ 5DEF28E0FF37218EEA8C856F44B0F823 ] \Device\Harddisk0\DR0\Partition2
15:49:16.0502 4768 \Device\Harddisk0\DR0\Partition2 - ok
15:49:16.0518 4768 [ E879765625DDB7A085A3BF9B5B3DD310 ] \Device\Harddisk0\DR0\Partition3
15:49:16.0518 4768 \Device\Harddisk0\DR0\Partition3 - ok
15:49:16.0518 4768 ================ Scan active images ========================
15:49:16.0814 4768 [ 7FBEBD2229EA5FD48D41B199EC2D541C ] C:\Windows\System32\authz.dll
15:49:16.0814 4768 C:\Windows\System32\authz.dll - ok
15:49:16.0814 4768 [ 86FE1B1F8FD42CD0DB641AB1CDB13093 ] C:\Windows\System32\cngaudit.dll
15:49:16.0814 4768 C:\Windows\System32\cngaudit.dll - ok
15:49:16.0814 4768 [ 3A061472B38233BAFF9CFEFF2E49C46B ] C:\Windows\System32\cryptdll.dll
15:49:16.0814 4768 C:\Windows\System32\cryptdll.dll - ok
15:49:16.0814 4768 [ 5F3307352216618221A17CFEF273EEE2 ] C:\Windows\System32\ncrypt.dll
15:49:16.0814 4768 C:\Windows\System32\ncrypt.dll - ok
15:49:16.0830 4768 [ 3C073B0C596A0AF84933E7406766B040 ] C:\Windows\System32\wevtapi.dll
15:49:16.0830 4768 C:\Windows\System32\wevtapi.dll - ok
15:49:16.0830 4768 [ B9A95365E52F421A20E1501935FADDA5 ] C:\Windows\System32\bcrypt.dll
15:49:16.0830 4768 C:\Windows\System32\bcrypt.dll - ok
15:49:16.0830 4768 [ 02B64609F865A39365FF88580DF11738 ] C:\Windows\System32\msprivs.dll
15:49:16.0830 4768 C:\Windows\System32\msprivs.dll - ok
15:49:16.0830 4768 [ C6505DE3561537BA1004D638C2F93F2F ] C:\Windows\System32\netjoin.dll
15:49:16.0830 4768 C:\Windows\System32\netjoin.dll - ok
15:49:16.0830 4768 [ 50532FCD7ECF02DD169CE5C485F02534 ] C:\Windows\System32\negoexts.dll
15:49:16.0830 4768 C:\Windows\System32\negoexts.dll - ok
15:49:16.0830 4768 [ 1151B1BAA6F350B1DB6598E0FEA7C457 ] C:\Windows\System32\winlogon.exe
15:49:16.0830 4768 C:\Windows\System32\winlogon.exe - ok
15:49:16.0830 4768 [ 44E1A196DFCB53B01FE4B855C3B56A15 ] C:\Windows\System32\kerberos.dll
15:49:16.0830 4768 C:\Windows\System32\kerberos.dll - ok
15:49:16.0830 4768 [ 0D9764D58C5EFD672B7184854B152E5E ] C:\Windows\System32\winsta.dll
15:49:16.0830 4768 C:\Windows\System32\winsta.dll - ok
15:49:16.0846 4768 [ D0C2FBB6D97416B0166478FC7AE2B212 ] C:\Windows\System32\cryptsp.dll
15:49:16.0846 4768 C:\Windows\System32\cryptsp.dll - ok
15:49:16.0846 4768 [ 1D5185A4C7E6695431AE4B55C3D7D333 ] C:\Windows\System32\mswsock.dll
15:49:16.0846 4768 C:\Windows\System32\mswsock.dll - ok
15:49:16.0846 4768 [ EC7CBFF96B05ECF3D366355B3C64ADCF ] C:\Windows\System32\wship6.dll
15:49:16.0846 4768 C:\Windows\System32\wship6.dll - ok
15:49:16.0846 4768 [ EF12B8385AA2849999008A977918F96B ] C:\Windows\System32\msv1_0.dll
15:49:16.0846 4768 C:\Windows\System32\msv1_0.dll - ok
15:49:16.0846 4768 [ AA339DD8BB128EF66660DFBBB59043D3 ] C:\Windows\System32\netlogon.dll
15:49:16.0846 4768 C:\Windows\System32\netlogon.dll - ok
15:49:16.0846 4768 [ 492D07D79E7024CA310867B526D9636D ] C:\Windows\System32\dnsapi.dll
15:49:16.0846 4768 C:\Windows\System32\dnsapi.dll - ok
15:49:16.0846 4768 [ 8FFE297B8449386E7B6851458B6E474E ] C:\Windows\System32\logoncli.dll
15:49:16.0846 4768 C:\Windows\System32\logoncli.dll - ok
15:49:16.0846 4768 [ B7D42CB36C08FA017E73FF2433CD7287 ] C:\Windows\System32\schannel.dll
15:49:16.0846 4768 C:\Windows\System32\schannel.dll - ok
15:49:16.0846 4768 [ 8B0E40E7E8BBF5ACF390465609D89FF1 ] C:\Windows\System32\drivers\hidclass.sys
15:49:16.0846 4768 C:\Windows\System32\drivers\hidclass.sys - ok
15:49:16.0861 4768 [ 49EE2E52E6CD03947DAD72F65367BE06 ] C:\Windows\System32\drivers\hidparse.sys
15:49:16.0861 4768 C:\Windows\System32\drivers\hidparse.sys - ok
15:49:16.0861 4768 [ 9592090A7E2B61CD582B612B6DF70536 ] C:\Windows\System32\drivers\hidusb.sys
15:49:16.0861 4768 C:\Windows\System32\drivers\hidusb.sys - ok
15:49:16.0861 4768 [ FED648B01349A3C8395A5169DB5FB7D6 ] C:\Windows\System32\drivers\USBSTOR.SYS
15:49:16.0861 4768 C:\Windows\System32\drivers\USBSTOR.SYS - ok
15:49:16.0861 4768 [ 95FB6CA4374E343DDD653FCC43F9D26B ] C:\Windows\System32\wdigest.dll
15:49:16.0861 4768 C:\Windows\System32\wdigest.dll - ok
15:49:16.0861 4768 [ E08088A97F95345E181C3DFCE2C615EF ] C:\Windows\System32\pku2u.dll
15:49:16.0861 4768 C:\Windows\System32\pku2u.dll - ok
15:49:16.0861 4768 [ 5D8874A8C11DDDDE29E12DE0E2013493 ] C:\Windows\System32\rsaenh.dll
15:49:16.0861 4768 C:\Windows\System32\rsaenh.dll - ok
15:49:16.0861 4768 [ 8A25506B6948EFBD5A7F37E53CCD36D9 ] C:\Windows\System32\TSpkg.dll
15:49:16.0861 4768 C:\Windows\System32\TSpkg.dll - ok
15:49:16.0861 4768 [ 55C892560C1B42BC57FB61AEFCED2F22 ] C:\Windows\System32\LIVESSP.DLL
15:49:16.0861 4768 C:\Windows\System32\LIVESSP.DLL - ok
15:49:16.0877 4768 [ CB2ABB2DA1E9C977302A78D86D4AE3B0 ] C:\Windows\System32\atmfd.dll
15:49:16.0877 4768 C:\Windows\System32\atmfd.dll - ok
15:49:16.0877 4768 [ D6C7780A364C6BBACFA796BAB9F1B374 ] C:\Windows\System32\bcryptprimitives.dll
15:49:16.0877 4768 C:\Windows\System32\bcryptprimitives.dll - ok
15:49:16.0877 4768 [ 52D3D5E3586988D4D9E34ACAAC33105C ] C:\Windows\System32\credssp.dll
15:49:16.0877 4768 C:\Windows\System32\credssp.dll - ok
15:49:16.0877 4768 [ 90BDEFC5DF334E5100EAA781D798DE1A ] C:\Windows\System32\efslsaext.dll
15:49:16.0877 4768 C:\Windows\System32\efslsaext.dll - ok
15:49:16.0877 4768 [ ED78427259134C63ED69804D2132B86C ] C:\Windows\System32\scecli.dll
15:49:16.0877 4768 C:\Windows\System32\scecli.dll - ok
15:49:16.0877 4768 [ 7CC7DF5B654DA579613F811D8C637E29 ] C:\Windows\System32\ubpm.dll
15:49:16.0877 4768 C:\Windows\System32\ubpm.dll - ok
15:49:16.0877 4768 [ C78655BC80301D76ED4FEF1C1EA40A7D ] C:\Windows\System32\svchost.exe
15:49:16.0877 4768 C:\Windows\System32\svchost.exe - ok
15:49:16.0877 4768 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] C:\Windows\System32\drivers\mouhid.sys
15:49:16.0877 4768 C:\Windows\System32\drivers\mouhid.sys - ok
15:49:16.0892 4768 [ 25FBDEF06C4D92815B353F6E792C8129 ] C:\Windows\System32\umpnpmgr.dll
15:49:16.0892 4768 C:\Windows\System32\umpnpmgr.dll - ok
15:49:16.0892 4768 [ CD1B5AD07E5F7FEF30E055DCC9E96180 ] C:\Windows\System32\devrtl.dll
15:49:16.0892 4768 C:\Windows\System32\devrtl.dll - ok
15:49:16.0892 4768 [ E6EB44ABAAF1F330119F854856C53EBE ] C:\Windows\System32\SPInf.dll
15:49:16.0892 4768 C:\Windows\System32\SPInf.dll - ok
15:49:16.0892 4768 [ 7A17485DC7D8A7AC81321A42CD034519 ] C:\Windows\System32\userenv.dll
15:49:16.0892 4768 C:\Windows\System32\userenv.dll - ok
15:49:16.0892 4768 [ 9C9307C95671AC962F3D6EB3A4A89BAE ] C:\Windows\System32\gpapi.dll
15:49:16.0892 4768 C:\Windows\System32\gpapi.dll - ok
15:49:16.0892 4768 [ F6C011B46FAEEF33536B2E80F48B5CBE ] C:\Windows\System32\pcwum.dll
15:49:16.0892 4768 C:\Windows\System32\pcwum.dll - ok
15:49:16.0892 4768 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] C:\Windows\System32\umpo.dll
15:49:16.0892 4768 C:\Windows\System32\umpo.dll - ok
15:49:16.0892 4768 [ 716175021BDA290504CE434273F666BC ] C:\Windows\System32\powrprof.dll
15:49:16.0892 4768 C:\Windows\System32\powrprof.dll - ok
15:49:16.0892 4768 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] C:\Windows\System32\drivers\luafv.sys
15:49:16.0892 4768 C:\Windows\System32\drivers\luafv.sys - ok
15:49:16.0908 4768 [ AB886378EEB55C6C75B4F2D14B6C869F ] C:\Windows\System32\drivers\WUDFPf.sys
15:49:16.0908 4768 C:\Windows\System32\drivers\WUDFPf.sys - ok
15:49:16.0908 4768 [ 5C627D1B1138676C0A7AB2C2C190D123 ] C:\Windows\System32\rpcss.dll
15:49:16.0908 4768 C:\Windows\System32\rpcss.dll - ok
15:49:16.0908 4768 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] C:\Windows\System32\RpcEpMap.dll
15:49:16.0908 4768 C:\Windows\System32\RpcEpMap.dll - ok
15:49:16.0908 4768 [ 31559F3244C6BC00A52030CAA83B6B91 ] C:\Windows\System32\WSHTCPIP.DLL
15:49:16.0908 4768 C:\Windows\System32\WSHTCPIP.DLL - ok
15:49:16.0908 4768 [ 16E964ABF6D1E0F0CC7822FCA9BA754D ] C:\Windows\System32\wshqos.dll
15:49:16.0908 4768 C:\Windows\System32\wshqos.dll - ok
15:49:16.0908 4768 [ 715F03B4C7223349768013EA95D9E5B7 ] C:\Windows\System32\LogonUI.exe
15:49:16.0908 4768 C:\Windows\System32\LogonUI.exe - ok
15:49:16.0908 4768 [ 9AD9E06F8656F296D91FAE8EE5B95A27 ] C:\Windows\System32\FirewallAPI.dll
15:49:16.0908 4768 C:\Windows\System32\FirewallAPI.dll - ok
15:49:16.0908 4768 [ 94E026870A55AAEAFF7853C1754091E9 ] C:\Windows\System32\version.dll
15:49:16.0908 4768 C:\Windows\System32\version.dll - ok
15:49:16.0924 4768 [ 0BEE002C68E28CE6DA161DCF1376D7D7 ] C:\Windows\System32\authui.dll
15:49:16.0924 4768 C:\Windows\System32\authui.dll - ok
15:49:16.0924 4768 [ 6011714C8C5C55CBFFAD24D61E879FBD ] C:\Windows\System32\wevtsvc.dll
15:49:16.0924 4768 C:\Windows\System32\wevtsvc.dll - ok
15:49:16.0924 4768 [ E40E80D0304A73E8D269F7141D77250B ] C:\Windows\System32\mmcss.dll
15:49:16.0924 4768 C:\Windows\System32\mmcss.dll - ok
15:49:16.0924 4768 [ 78A1E65207484B7F8D3217507745F47C ] C:\Windows\System32\avrt.dll
15:49:16.0924 4768 C:\Windows\System32\avrt.dll - ok
15:49:16.0924 4768 [ F23FEF6D569FCE88671949894A8BECF1 ] C:\Windows\System32\audiosrv.dll
15:49:16.0924 4768 C:\Windows\System32\audiosrv.dll - ok
15:49:16.0924 4768 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] C:\Windows\System32\profsvc.dll
15:49:16.0924 4768 C:\Windows\System32\profsvc.dll - ok
15:49:16.0924 4768 [ 227E2C382A1E02F8D4965E664D3BBE43 ] C:\Windows\System32\MMDevAPI.dll
15:49:16.0924 4768 C:\Windows\System32\MMDevAPI.dll - ok
15:49:16.0924 4768 [ F06BB4E336EA57511FDBAFAFCC47DE62 ] C:\Windows\System32\propsys.dll
15:49:16.0924 4768 C:\Windows\System32\propsys.dll - ok
15:49:16.0939 4768 [ D5CCA1453B98A5801E6D5FF0FF89DC6C ] C:\Windows\System32\audiodg.exe
15:49:16.0939 4768 C:\Windows\System32\audiodg.exe - ok
15:49:16.0939 4768 [ 588CD0C78A7FAAE4186B5EEA0AF3ED67 ] C:\Windows\System32\adtschema.dll
15:49:16.0939 4768 C:\Windows\System32\adtschema.dll - ok
15:49:16.0939 4768 [ 19AD7990C0B67E48DAC5B26F99628223 ] C:\Windows\System32\drivers\usbccgp.sys
15:49:16.0939 4768 C:\Windows\System32\drivers\usbccgp.sys - ok
15:49:16.0939 4768 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] C:\Windows\System32\drivers\kbdhid.sys
15:49:16.0939 4768 C:\Windows\System32\drivers\kbdhid.sys - ok
15:49:16.0939 4768 [ 1F4492FE41767CDB8B89D17655847CDD ] C:\Windows\System32\ntmarta.dll
15:49:16.0939 4768 C:\Windows\System32\ntmarta.dll - ok
15:49:16.0939 4768 [ 50544D04AD845C43130B70212EC05CCD ] C:\Windows\System32\microsoft-windows-kernel-power-events.dll
15:49:16.0939 4768 C:\Windows\System32\microsoft-windows-kernel-power-events.dll - ok
15:49:16.0939 4768 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] C:\Windows\System32\cscsvc.dll
15:49:16.0939 4768 C:\Windows\System32\cscsvc.dll - ok
15:49:16.0939 4768 [ 58775492FFD419248B08325E583C527F ] C:\Windows\System32\atl.dll
15:49:16.0939 4768 C:\Windows\System32\atl.dll - ok
15:49:16.0955 4768 [ F0344071948D1A1FA732231785A0664C ] C:\Windows\System32\themeservice.dll
15:49:16.0955 4768 C:\Windows\System32\themeservice.dll - ok
15:49:16.0955 4768 [ 4166F82BE4D24938977DD1746BE9B8A0 ] C:\Windows\System32\es.dll
15:49:16.0955 4768 C:\Windows\System32\es.dll - ok
15:49:16.0955 4768 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] C:\Windows\System32\gpsvc.dll
15:49:16.0955 4768 C:\Windows\System32\gpsvc.dll - ok
15:49:16.0955 4768 [ 29910D50542B1AA0F162EF3339C61B6D ] C:\Windows\System32\PeerDist.dll
15:49:16.0955 4768 C:\Windows\System32\PeerDist.dll - ok
15:49:16.0955 4768 [ A77BE7CB3222B4FB0AC6C71D1C2698D4 ] C:\Windows\System32\dsrole.dll
15:49:16.0955 4768 C:\Windows\System32\dsrole.dll - ok
15:49:16.0955 4768 [ 46BB91A169B9B31FF44EB04C48EC1D41 ] C:\Windows\System32\nlaapi.dll
15:49:16.0955 4768 C:\Windows\System32\nlaapi.dll - ok
15:49:16.0955 4768 [ BE097F5BB10F9079FCEB2DC4E7E20F02 ] C:\Windows\System32\slc.dll
15:49:16.0955 4768 C:\Windows\System32\slc.dll - ok
15:49:16.0955 4768 [ 1A47D52E303B7543E4E6026595B95422 ] C:\Windows\System32\comres.dll
15:49:16.0955 4768 C:\Windows\System32\comres.dll - ok
15:49:16.0955 4768 [ C32AB8FA018EF34C0F113BD501436D21 ] C:\Windows\System32\Sens.dll
15:49:16.0955 4768 C:\Windows\System32\Sens.dll - ok
15:49:16.0970 4768 [ BAAFAF9CEAEC0B73C2A3550A01F6CECB ] C:\Windows\System32\taskschd.dll
15:49:16.0970 4768 C:\Windows\System32\taskschd.dll - ok
15:49:16.0970 4768 [ 862596399AAFD2A21DB2AF9270CD4F70 ] C:\Windows\System32\mstask.dll
15:49:16.0970 4768 C:\Windows\System32\mstask.dll - ok
15:49:16.0970 4768 [ 7FA8FDC2C2A27817FD0F624E78D3B50C ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll
15:49:16.0970 4768 C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll - ok
15:49:16.0970 4768 [ BD3674BE7FC9D8D3732C83E8499576ED ] C:\Windows\System32\wtsapi32.dll
15:49:16.0970 4768 C:\Windows\System32\wtsapi32.dll - ok
15:49:16.0970 4768 [ B3BFBD758506ECB50C5804AAA76318F9 ] C:\Windows\System32\cryptui.dll
15:49:16.0970 4768 C:\Windows\System32\cryptui.dll - ok
15:49:16.0970 4768 [ 5B3EBFC3DA142324B388DDCC4465E1FF ] C:\Windows\System32\samlib.dll
15:49:16.0970 4768 C:\Windows\System32\samlib.dll - ok
15:49:16.0970 4768 [ 4E9C2DB10F7E6AE91BF761139D4B745B ] C:\Windows\System32\shacct.dll
15:49:16.0970 4768 C:\Windows\System32\shacct.dll - ok
15:49:16.0970 4768 [ D29E998E8277666982B4F0303BF4E7AF ] C:\Windows\System32\uxtheme.dll
15:49:16.0970 4768 C:\Windows\System32\uxtheme.dll - ok
15:49:16.0986 4768 [ 179E8401224D557ECFF3695F2016EA5B ] C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\GdiPlus.dll
15:49:16.0986 4768 C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\GdiPlus.dll - ok
15:49:16.0986 4768 [ 3CB6A7286422C72C34DAB54A5DFF1A34 ] C:\Windows\System32\dui70.dll
15:49:16.0986 4768 C:\Windows\System32\dui70.dll - ok
15:49:16.0986 4768 [ 8CCDE014A4CDF84564E03ACE064CA753 ] C:\Windows\System32\duser.dll
15:49:16.0986 4768 C:\Windows\System32\duser.dll - ok
15:49:16.0986 4768 [ D7F1EF374A90709B31591823B002F918 ] C:\Windows\System32\SndVolSSO.dll
15:49:16.0986 4768 C:\Windows\System32\SndVolSSO.dll - ok
15:49:16.0986 4768 [ DA1B7075260F3872585BFCDD668C648B ] C:\Windows\System32\dwmapi.dll
15:49:16.0986 4768 C:\Windows\System32\dwmapi.dll - ok
15:49:16.0986 4768 [ 896F15A6434D93EDB42519D5E18E6B50 ] C:\Windows\System32\hid.dll
15:49:16.0986 4768 C:\Windows\System32\hid.dll - ok
15:49:16.0986 4768 [ 6F8B48F3D343E4B186AB6A9E302B7E16 ] C:\Windows\System32\xmllite.dll
15:49:16.0986 4768 C:\Windows\System32\xmllite.dll - ok
15:49:16.0986 4768 [ 26B73A85855681500BCC25C7CD9FF5B1 ] C:\Windows\System32\WindowsCodecs.dll
15:49:16.0986 4768 C:\Windows\System32\WindowsCodecs.dll - ok
15:49:17.0002 4768 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] C:\Windows\System32\uxsms.dll
15:49:17.0002 4768 C:\Windows\System32\uxsms.dll - ok
15:49:17.0002 4768 [ B20F051B03A966392364C83F009F7D17 ] C:\Windows\System32\WUDFSvc.dll
15:49:17.0002 4768 C:\Windows\System32\WUDFSvc.dll - ok
15:49:17.0002 4768 [ B1DF2D87DC8BF6072699AC8301B37796 ] C:\Windows\System32\WUDFPlatform.dll
15:49:17.0002 4768 C:\Windows\System32\WUDFPlatform.dll - ok
15:49:17.0002 4768 [ 1538831CF8AD2979A04C423779465827 ] C:\Windows\System32\drivers\lltdio.sys
15:49:17.0002 4768 C:\Windows\System32\drivers\lltdio.sys - ok
15:49:17.0002 4768 [ DDC86E4F8E7456261E637E3552E804FF ] C:\Windows\System32\drivers\rspndr.sys
15:49:17.0002 4768 C:\Windows\System32\drivers\rspndr.sys - ok
15:49:17.0002 4768 [ F993A32249B66C9D622EA5592A8B76B8 ] C:\Windows\System32\lmhsvc.dll
15:49:17.0002 4768 C:\Windows\System32\lmhsvc.dll - ok
15:49:17.0002 4768 [ D54BFDF3E0C953F823B3D0BFE4732528 ] C:\Windows\System32\nsisvc.dll
15:49:17.0002 4768 C:\Windows\System32\nsisvc.dll - ok
15:49:17.0002 4768 [ 2B81776DA02017A37FE26C662827470E ] C:\Windows\System32\IPHLPAPI.DLL
15:49:17.0002 4768 C:\Windows\System32\IPHLPAPI.DLL - ok
15:49:17.0017 4768 [ 9F2BACD5E1776A4BB7CC0EC3C3A4F96D ] C:\Windows\System32\winbrand.dll
15:49:17.0017 4768 C:\Windows\System32\winbrand.dll - ok
15:49:17.0017 4768 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] C:\Windows\System32\dnsrslvr.dll
15:49:17.0017 4768 C:\Windows\System32\dnsrslvr.dll - ok
15:49:17.0017 4768 [ 0040C486584A8E582C861CFB57AB5387 ] C:\Windows\System32\FWPUCLNT.DLL
15:49:17.0017 4768 C:\Windows\System32\FWPUCLNT.DLL - ok
15:49:17.0017 4768 [ B73A6E4B319AFFE64582AC5C1801BB3F ] C:\Windows\System32\nrpsrv.dll
15:49:17.0017 4768 C:\Windows\System32\nrpsrv.dll - ok
15:49:17.0017 4768 [ 4C9210E8F4E052F6A4EB87716DA0C24C ] C:\Windows\System32\winnsi.dll
15:49:17.0017 4768 C:\Windows\System32\winnsi.dll - ok
15:49:17.0017 4768 [ F568F7C08458D69E4FCD8675BBB107E4 ] C:\Windows\System32\dhcpcsvc.dll
15:49:17.0017 4768 C:\Windows\System32\dhcpcsvc.dll - ok
15:49:17.0017 4768 [ 3C06D5A929B798D0B13F6481242A0FD2 ] C:\Windows\System32\dhcpcsvc6.dll
15:49:17.0017 4768 C:\Windows\System32\dhcpcsvc6.dll - ok
15:49:17.0017 4768 [ 885D0942E0F28DB90919BE3129ECF279 ] C:\Windows\System32\dnsext.dll
15:49:17.0017 4768 C:\Windows\System32\dnsext.dll - ok
15:49:17.0017 4768 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] C:\Windows\System32\dhcpcore.dll
15:49:17.0017 4768 C:\Windows\System32\dhcpcore.dll - ok
15:49:17.0033 4768 [ 3CC16A849E6092E43909F48EF0E60306 ] C:\Windows\System32\dhcpcore6.dll
15:49:17.0033 4768 C:\Windows\System32\dhcpcore6.dll - ok
15:49:17.0033 4768 [ AAF932B4011D14052955D4B212A4DA8D ] C:\Windows\System32\shsvcs.dll
15:49:17.0033 4768 C:\Windows\System32\shsvcs.dll - ok
15:49:17.0033 4768 [ 262F6592C3299C005FD6BEC90FC4463A ] C:\Windows\System32\schedsvc.dll
15:49:17.0033 4768 C:\Windows\System32\schedsvc.dll - ok
15:49:17.0033 4768 [ DA6B67270FD9DB3697B20FCE94950741 ] C:\Windows\System32\drivers\fltMgr.sys
15:49:17.0033 4768 C:\Windows\System32\drivers\fltMgr.sys - ok
15:49:17.0033 4768 [ A3DB3C17EE6CAE65D53602B4E80BCCBC ] C:\Windows\System32\PSHED.DLL
15:49:17.0033 4768 C:\Windows\System32\PSHED.DLL - ok
15:49:17.0033 4768 [ B0945E538CF906BBDDC5A11C8EE868CC ] C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll
15:49:17.0033 4768 C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll - ok
15:49:17.0033 4768 [ BC414631876B2F28B8DAB08E849C12C5 ] C:\Windows\System32\ktmw32.dll
15:49:17.0033 4768 C:\Windows\System32\ktmw32.dll - ok
15:49:17.0033 4768 [ EEEA40F0EDB0A6E5359E539E15D0BC77 ] C:\Windows\System32\netapi32.dll
15:49:17.0033 4768 C:\Windows\System32\netapi32.dll - ok
15:49:17.0048 4768 [ 6CECA4C6A489C9B2E6073AFDAAE3F607 ] C:\Windows\System32\netutils.dll
15:49:17.0048 4768 C:\Windows\System32\netutils.dll - ok
15:49:17.0048 4768 [ 3C91392D448F6E5D525A85B7550D8BA9 ] C:\Windows\System32\wkscli.dll
15:49:17.0048 4768 C:\Windows\System32\wkscli.dll - ok
15:49:17.0048 4768 [ 945E54F23C72D37B8CD1987AF0DB63BF ] C:\Windows\System32\fveapi.dll
15:49:17.0048 4768 C:\Windows\System32\fveapi.dll - ok
15:49:17.0048 4768 [ 891ECFD08E2C538B7948CBC45106D697 ] C:\Windows\System32\fvecerts.dll
15:49:17.0048 4768 C:\Windows\System32\fvecerts.dll - ok
15:49:17.0048 4768 [ 694865362F0965779F92BCFE97712323 ] C:\Windows\System32\tbs.dll
15:49:17.0048 4768 C:\Windows\System32\tbs.dll - ok
15:49:17.0048 4768 [ 6DC4A7242F565C9E9C9CCC7BB0FA75C7 ] C:\Windows\System32\taskcomp.dll
15:49:17.0048 4768 C:\Windows\System32\taskcomp.dll - ok
15:49:17.0048 4768 [ 8269210DAF3B12BC8300631B28A2A442 ] C:\Windows\System32\wiarpc.dll
15:49:17.0048 4768 C:\Windows\System32\wiarpc.dll - ok
15:49:17.0048 4768 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] C:\Windows\System32\drivers\http.sys
15:49:17.0048 4768 C:\Windows\System32\drivers\http.sys - ok
15:49:17.0064 4768 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] C:\Windows\System32\spoolsv.exe
15:49:17.0064 4768 C:\Windows\System32\spoolsv.exe - ok
15:49:17.0064 4768 [ 82974D6A2FD19445CC5171FC378668A4 ] C:\Windows\System32\BFE.DLL
15:49:17.0064 4768 C:\Windows\System32\BFE.DLL - ok
15:49:17.0064 4768 [ C2762A57DF0EE85E63CE4893C5215313 ] C:\Windows\System32\VaultCredProvider.dll
15:49:17.0064 4768 C:\Windows\System32\VaultCredProvider.dll - ok
15:49:17.0064 4768 [ CA2985996BB49924B677113DF95CFEA7 ] C:\Windows\System32\SmartcardCredentialProvider.dll
15:49:17.0064 4768 C:\Windows\System32\SmartcardCredentialProvider.dll - ok
15:49:17.0064 4768 [ BF352E73615F5461AA6884472435A544 ] C:\Windows\System32\BioCredProv.dll
15:49:17.0064 4768 C:\Windows\System32\BioCredProv.dll - ok
15:49:17.0064 4768 [ 796B8123A7859AFD3A4AE10514DBAEB5 ] C:\Windows\System32\winbio.dll
15:49:17.0064 4768 C:\Windows\System32\winbio.dll - ok
15:49:17.0064 4768 [ CC0AB40F02D2C2A12209715A3C1B07B8 ] C:\Windows\System32\credui.dll
15:49:17.0064 4768 C:\Windows\System32\credui.dll - ok
15:49:17.0064 4768 [ 6C02A83164F5CC0A262F4199F0871CF5 ] C:\Windows\System32\drivers\bowser.sys
15:49:17.0064 4768 C:\Windows\System32\drivers\bowser.sys - ok
15:49:17.0064 4768 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] C:\Windows\System32\drivers\mpsdrv.sys
15:49:17.0064 4768 C:\Windows\System32\drivers\mpsdrv.sys - ok
15:49:17.0080 4768 [ FC51229C7D4AFA0D6F186133728B95AB ] C:\Windows\System32\samcli.dll
15:49:17.0080 4768 C:\Windows\System32\samcli.dll - ok
15:49:17.0080 4768 [ 44B9C66177651F3F53C87B665D58D17A ] C:\Windows\System32\vaultcli.dll
15:49:17.0080 4768 C:\Windows\System32\vaultcli.dll - ok
15:49:17.0080 4768 [ 972C3301DB3DA91AE06A95F6B4160B1B ] C:\Windows\System32\certCredProvider.dll
15:49:17.0080 4768 C:\Windows\System32\certCredProvider.dll - ok
15:49:17.0080 4768 [ 7097425051CE67B450EBF2B1390AE492 ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL
15:49:17.0080 4768 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL - ok
15:49:17.0080 4768 [ 87FA0C48C3B2E9FEE518818FE26B15B5 ] C:\Windows\System32\rasplap.dll
15:49:17.0080 4768 C:\Windows\System32\rasplap.dll - ok
15:49:17.0080 4768 [ 019CD868461B646E09BDF04474C19341 ] C:\Windows\System32\rasapi32.dll
15:49:17.0080 4768 C:\Windows\System32\rasapi32.dll - ok
15:49:17.0080 4768 [ A5D9106A73DC88564C825D317CAC68AC ] C:\Windows\System32\drivers\mrxsmb.sys
15:49:17.0080 4768 C:\Windows\System32\drivers\mrxsmb.sys - ok
15:49:17.0080 4768 [ B28DEEC597C8DEB70C744C7CF9210E3E ] C:\Windows\System32\rasman.dll
15:49:17.0080 4768 C:\Windows\System32\rasman.dll - ok
15:49:17.0095 4768 [ D711B3C1D5F42C0C2415687BE09FC163 ] C:\Windows\System32\drivers\mrxsmb10.sys
15:49:17.0095 4768 C:\Windows\System32\drivers\mrxsmb10.sys - ok
15:49:17.0095 4768 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] C:\Windows\System32\MPSSVC.dll
15:49:17.0095 4768 C:\Windows\System32\MPSSVC.dll - ok

(Continued next post, logs too long)

#10 LMoseley

Posted 29 January 2013 - 05:58 PM

(Continued from previous post)

15:49:17.0204 4768 C:\Windows\System32\taskhost.exe - ok
15:49:17.0204 4768 [ 28AD5E311996A34025CFB07E131058DD ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
15:49:17.0204 4768 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL - ok
15:49:17.0204 4768 [ 6CEF7856A3EFAC59470F6208F0F585CE ] C:\Windows\System32\mpr.dll
15:49:17.0204 4768 C:\Windows\System32\mpr.dll - ok
15:49:17.0220 4768 [ 94EEAC26F57811BD1AEFC164412F7FCE ] C:\Windows\System32\PlaySndSrv.dll
15:49:17.0220 4768 C:\Windows\System32\PlaySndSrv.dll - ok
15:49:17.0220 4768 [ F9D908DE6B166DAC9B89BF62FA291CE8 ] C:\Program Files\Bonjour\mdnsNSP.dll
15:49:17.0220 4768 C:\Program Files\Bonjour\mdnsNSP.dll - ok
15:49:17.0220 4768 [ F162D5F5E845B9DC352DD1BAD8CEF1BC ] C:\Windows\System32\dwm.exe
15:49:17.0220 4768 C:\Windows\System32\dwm.exe - ok
15:49:17.0220 4768 [ 45CFBFA8EDC3DF4E2B7FB0D0260FE051 ] C:\Windows\System32\localspl.dll
15:49:17.0220 4768 C:\Windows\System32\localspl.dll - ok
15:49:17.0220 4768 [ 88351B29B622B30962D2FEB6CA8D860B ] C:\Windows\System32\rasadhlp.dll
15:49:17.0220 4768 C:\Windows\System32\rasadhlp.dll - ok
15:49:17.0220 4768 [ 9FCA3A84338ADEF2AFF67CDA46EF8539 ] C:\Windows\System32\umb.dll
15:49:17.0220 4768 C:\Windows\System32\umb.dll - ok
15:49:17.0220 4768 [ BAFE84E637BF7388C96EF48D4D3FDD53 ] C:\Windows\System32\userinit.exe
15:49:17.0220 4768 C:\Windows\System32\userinit.exe - ok
15:49:17.0220 4768 [ 4BA77A5EF71C14C764B0ED4701683E3E ] C:\Windows\System32\dwmcore.dll
15:49:17.0220 4768 C:\Windows\System32\dwmcore.dll - ok
15:49:17.0236 4768 [ FCFCD1101C5DA23B4B95F93D02B2C169 ] C:\Windows\System32\dwmredir.dll
15:49:17.0236 4768 C:\Windows\System32\dwmredir.dll - ok
15:49:17.0236 4768 [ 3285481F5C12305CA104A6C493CA5A0B ] C:\Windows\System32\spoolss.dll
15:49:17.0236 4768 C:\Windows\System32\spoolss.dll - ok
15:49:17.0236 4768 [ 19E41CCCEE697CC9465396B370929792 ] C:\Windows\System32\FXSMON.dll
15:49:17.0236 4768 C:\Windows\System32\FXSMON.dll - ok
15:49:17.0236 4768 [ C5AC93CF3BA30D367FB49148A2B673B9 ] C:\Windows\System32\PrintIsolationProxy.dll
15:49:17.0236 4768 C:\Windows\System32\PrintIsolationProxy.dll - ok
15:49:17.0236 4768 [ E53573E0F1B13DC288F1B918CDA4AE6D ] C:\Windows\System32\VNCpm.dll
15:49:17.0236 4768 C:\Windows\System32\VNCpm.dll - ok
15:49:17.0236 4768 [ 0015ACFBBDD164A8A730009908868CA7 ] C:\Windows\System32\winspool.drv
15:49:17.0236 4768 C:\Windows\System32\winspool.drv - ok
15:49:17.0236 4768 [ 928CF7268086631F54C3D8E17238C6DD ] C:\Windows\SysWOW64\ole32.dll
15:49:17.0236 4768 C:\Windows\SysWOW64\ole32.dll - ok
15:49:17.0236 4768 [ 8CC3C111D653E96F3EA1590891491D71 ] C:\Windows\SysWOW64\shlwapi.dll
15:49:17.0236 4768 C:\Windows\SysWOW64\shlwapi.dll - ok
15:49:17.0251 4768 [ 60D21799A4AF4EDCE65FB98830E4B0C8 ] C:\Windows\SysWOW64\crypt32.dll
15:49:17.0251 4768 C:\Windows\SysWOW64\crypt32.dll - ok
15:49:17.0251 4768 [ 6C765E82B57F2E66CE9C54AC238471D9 ] C:\Windows\SysWOW64\oleaut32.dll
15:49:17.0251 4768 C:\Windows\SysWOW64\oleaut32.dll - ok
15:49:17.0251 4768 [ 938F39B50BAFE13D6F58C7790682C010 ] C:\Windows\SysWOW64\msasn1.dll
15:49:17.0251 4768 C:\Windows\SysWOW64\msasn1.dll - ok
15:49:17.0251 4768 [ 17448AF0BBA9E7AB5EC955AF93F271BD ] C:\Windows\SysWOW64\wintrust.dll
15:49:17.0251 4768 C:\Windows\SysWOW64\wintrust.dll - ok
15:49:17.0251 4768 [ A6F09E5669D9A19035F6D942CAA15882 ] C:\Windows\SysWOW64\imm32.dll
15:49:17.0251 4768 C:\Windows\SysWOW64\imm32.dll - ok
15:49:17.0251 4768 [ CDBE9690CF2B8409FACAD94FAC9479C9 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
15:49:17.0251 4768 C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll - ok
15:49:17.0251 4768 [ C9618BC9B2B0FD7C1138D8774795A79B ] C:\Windows\SysWOW64\msctf.dll
15:49:17.0251 4768 C:\Windows\SysWOW64\msctf.dll - ok
15:49:17.0251 4768 [ A5299D04ED225D64CF07A568A3E1BF8C ] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:49:17.0251 4768 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe - ok
15:49:17.0267 4768 [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll
15:49:17.0267 4768 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll - ok
15:49:17.0267 4768 [ C9564CF4976E7E96B4052737AA2492B4 ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll
15:49:17.0267 4768 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll - ok
15:49:17.0267 4768 [ 8C22C6088057A00EAE7D963600F26EEB ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\AppleVersions.dll
15:49:17.0267 4768 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\AppleVersions.dll - ok
15:49:17.0267 4768 [ EF8CD3C64EE9C08980D6D06CCCE46C68 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CoreFoundation.dll
15:49:17.0267 4768 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CoreFoundation.dll - ok
15:49:17.0267 4768 [ 64894527838C86454E2F378FF39FA336 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\YSCrashDump.dll
15:49:17.0267 4768 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\YSCrashDump.dll - ok
15:49:17.0267 4768 [ 702254574E7E52052DE39408457B7149 ] C:\Windows\SysWOW64\version.dll
15:49:17.0267 4768 C:\Windows\SysWOW64\version.dll - ok
15:49:17.0267 4768 [ 7FF15A4F092CD4A96055BA69F903E3E9 ] C:\Windows\SysWOW64\ws2_32.dll
15:49:17.0267 4768 C:\Windows\SysWOW64\ws2_32.dll - ok
15:49:17.0267 4768 [ 78865ABC5F5D13190F8B35BD9044714A ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\objc.dll
15:49:17.0267 4768 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\objc.dll - ok
15:49:17.0282 4768 [ 62169BDD927A67C360A35F4526429B01 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll
15:49:17.0282 4768 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll - ok
15:49:17.0282 4768 [ 6377051C63D5552A311935C67E9FDFDC ] C:\Windows\SysWOW64\nsi.dll
15:49:17.0282 4768 C:\Windows\SysWOW64\nsi.dll - ok
15:49:17.0282 4768 [ DF13A51A5C591887D2EC6AE64CEED0FA ] C:\Windows\SysWOW64\wsock32.dll
15:49:17.0282 4768 C:\Windows\SysWOW64\wsock32.dll - ok
15:49:17.0282 4768 [ FF9831030678C7B6D70BAC00F68F8976 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libdispatch.dll
15:49:17.0282 4768 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libdispatch.dll - ok
15:49:17.0282 4768 [ 9ABB7CDAC0914579C86990048771B1B4 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuin.dll
15:49:17.0282 4768 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuin.dll - ok
15:49:17.0282 4768 [ D5AEFAD57C08349A4393D987DF7C715D ] C:\Windows\SysWOW64\winmm.dll
15:49:17.0282 4768 C:\Windows\SysWOW64\winmm.dll - ok
15:49:17.0282 4768 [ D47913F993A0E3A0C9F1E88FD02E98C6 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuuc.dll
15:49:17.0282 4768 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuuc.dll - ok
15:49:17.0298 4768 [ 43A0A24CD12B110DC93462D6B035C961 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icudt46.dll
15:49:17.0298 4768 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icudt46.dll - ok
15:49:17.0298 4768 [ F6FD367C9EAAEDF90CD7A7952AE0B336 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\ASL.dll
15:49:17.0298 4768 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\ASL.dll - ok
15:49:17.0298 4768 [ E1374D37477322D4956604711008C69D ] C:\Windows\System32\d3d10_1.dll
15:49:17.0298 4768 C:\Windows\System32\d3d10_1.dll - ok
15:49:17.0298 4768 [ 426BA4E737A7988FD1202AF2F2B2F4A6 ] C:\Windows\System32\d3d10_1core.dll
15:49:17.0298 4768 C:\Windows\System32\d3d10_1core.dll - ok
15:49:17.0298 4768 [ F404E59DB6A0F122AB26BF4F3E2FD0FA ] C:\Windows\System32\dxgi.dll
15:49:17.0298 4768 C:\Windows\System32\dxgi.dll - ok
15:49:17.0298 4768 [ 332FEAB1435662FC6C672E25BEB37BE3 ] C:\Windows\explorer.exe
15:49:17.0298 4768 C:\Windows\explorer.exe - ok
15:49:17.0298 4768 [ EED05D42D91835064703E2318552ED25 ] C:\Windows\System32\ExplorerFrame.dll
15:49:17.0298 4768 C:\Windows\System32\ExplorerFrame.dll - ok
15:49:17.0298 4768 [ 32A3C8600AF124CBAAD845F13CFAE3CB ] C:\Windows\System32\tcpmon.dll
15:49:17.0298 4768 C:\Windows\System32\tcpmon.dll - ok
15:49:17.0314 4768 [ 93518C6EDE0B61BCBD02BDB02BD05FEE ] C:\Windows\System32\snmpapi.dll
15:49:17.0314 4768 C:\Windows\System32\snmpapi.dll - ok
15:49:17.0314 4768 [ EFA67664E181EAF2DEA190EE71C0C9AB ] C:\Windows\System32\igd10umd64.dll
15:49:17.0314 4768 C:\Windows\System32\igd10umd64.dll - ok
15:49:17.0314 4768 [ 1F1CA9E99DD5BF918BE0BF30B5A42FDA ] C:\Windows\System32\MsCtfMonitor.dll
15:49:17.0314 4768 C:\Windows\System32\MsCtfMonitor.dll - ok
15:49:17.0314 4768 [ F09A9A1AD21FE618C4C8B0A0D830C886 ] C:\Windows\System32\msutb.dll
15:49:17.0314 4768 C:\Windows\System32\msutb.dll - ok
15:49:17.0314 4768 [ EF2AE43BCD46ABB13FC3E5B2B1935C73 ] C:\Windows\System32\winmm.dll
15:49:17.0314 4768 C:\Windows\System32\winmm.dll - ok
15:49:17.0314 4768 [ 9BB99503D6A4DD62569EDE9E5E2672A5 ] C:\Windows\System32\HotStartUserAgent.dll
15:49:17.0314 4768 C:\Windows\System32\HotStartUserAgent.dll - ok
15:49:17.0314 4768 [ C733D233B623B7FFCE5031E4B756EE26 ] C:\Windows\SysWOW64\profapi.dll
15:49:17.0314 4768 C:\Windows\SysWOW64\profapi.dll - ok
15:49:17.0314 4768 [ 024352FEEC9042260BB4CFB4D79A206B ] C:\Windows\System32\EhStorShell.dll
15:49:17.0314 4768 C:\Windows\System32\EhStorShell.dll - ok
15:49:17.0329 4768 [ 32802C0F6FC7C8F561B9D91F52A46421 ] C:\Windows\System32\cscui.dll
15:49:17.0329 4768 C:\Windows\System32\cscui.dll - ok
15:49:17.0329 4768 [ 1BF0CB861A48FEB1638228760750F3CB ] C:\Windows\System32\cscapi.dll
15:49:17.0329 4768 C:\Windows\System32\cscapi.dll - ok
15:49:17.0329 4768 [ 7EE5F17A21D9A9101207DF4BC37B085D ] C:\Windows\System32\cscdll.dll
15:49:17.0329 4768 C:\Windows\System32\cscdll.dll - ok
15:49:17.0329 4768 [ 4E4EDF9CA82E95BAB2977DD9F21B00F6 ] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll
15:49:17.0329 4768 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll - ok
15:49:17.0329 4768 [ FFF9D00CF16397C64317F213484F94BD ] C:\Windows\System32\wsnmp32.dll
15:49:17.0329 4768 C:\Windows\System32\wsnmp32.dll - ok
15:49:17.0329 4768 [ 10FB16B50AFFDA6D44588F3C445DC273 ] C:\Windows\SysWOW64\setupapi.dll
15:49:17.0329 4768 C:\Windows\SysWOW64\setupapi.dll - ok
15:49:17.0329 4768 [ F436E847FA799ECD75AD8C313673F450 ] C:\Windows\SysWOW64\cfgmgr32.dll
15:49:17.0329 4768 C:\Windows\SysWOW64\cfgmgr32.dll - ok
15:49:17.0329 4768 [ 2EEFF4502F5E13B1BED4A04CCAD64C08 ] C:\Windows\SysWOW64\devobj.dll
15:49:17.0329 4768 C:\Windows\SysWOW64\devobj.dll - ok
15:49:17.0345 4768 [ D15618A0FF8DBC2C5BF3726BACC75A0B ] C:\Windows\SysWOW64\userenv.dll
15:49:17.0345 4768 C:\Windows\SysWOW64\userenv.dll - ok
15:49:17.0345 4768 [ 037A719DAD50603202C978CD802623E4 ] C:\Windows\System32\ntshrui.dll
15:49:17.0345 4768 C:\Windows\System32\ntshrui.dll - ok
15:49:17.0345 4768 [ 1D63F4366288B8A7595397E27010FD44 ] C:\Windows\System32\IconCodecService.dll
15:49:17.0345 4768 C:\Windows\System32\IconCodecService.dll - ok
15:49:17.0345 4768 [ 062373995EAE5F0EAC9EAA9192136BFB ] C:\Windows\SysWOW64\dnssd.dll
15:49:17.0345 4768 C:\Windows\SysWOW64\dnssd.dll - ok
15:49:17.0345 4768 [ 6A6B2EE4565A178035BE2A4FF6F2C968 ] C:\Windows\SysWOW64\wtsapi32.dll
15:49:17.0345 4768 C:\Windows\SysWOW64\wtsapi32.dll - ok
15:49:17.0345 4768 [ 3FD15B4611D9BDA3F8013548C0ECAECA ] C:\Windows\SysWOW64\ntmarta.dll
15:49:17.0345 4768 C:\Windows\SysWOW64\ntmarta.dll - ok
15:49:17.0345 4768 [ A8BB45F9ECAD993461E0FEF8E2A99152 ] C:\Windows\SysWOW64\Wldap32.dll
15:49:17.0345 4768 C:\Windows\SysWOW64\Wldap32.dll - ok
15:49:17.0345 4768 [ 99B91C5D2FCEF218CAD3600ECB62A799 ] C:\Windows\System32\msxml6.dll
15:49:17.0345 4768 C:\Windows\System32\msxml6.dll - ok
15:49:17.0345 4768 [ DF72A9936D0C3F517083119648814B09 ] C:\Windows\System32\usbmon.dll
15:49:17.0345 4768 C:\Windows\System32\usbmon.dll - ok
15:49:17.0360 4768 [ A1D7E3ADCDB07DDB6F423862DCB1A52B ] C:\Windows\System32\WSDMon.dll
15:49:17.0360 4768 C:\Windows\System32\WSDMon.dll - ok
15:49:17.0360 4768 [ F1B205F932F62F94506A5F332C895DAF ] C:\Windows\System32\WSDApi.dll
15:49:17.0360 4768 C:\Windows\System32\WSDApi.dll - ok
15:49:17.0360 4768 [ 8999B8631C7FD9F7F9EC3CAFD953BA24 ] C:\Windows\SysWOW64\mswsock.dll
15:49:17.0360 4768 C:\Windows\SysWOW64\mswsock.dll - ok
15:49:17.0360 4768 [ EE5C8E27C37B79CB54A2FCEEED2DC262 ] C:\Windows\SysWOW64\WSHTCPIP.DLL
15:49:17.0360 4768 C:\Windows\SysWOW64\WSHTCPIP.DLL - ok
15:49:17.0360 4768 [ 49E5753D923F1AC63B22D3DCB0B47E00 ] C:\Windows\System32\uDWM.dll
15:49:17.0360 4768 C:\Windows\System32\uDWM.dll - ok
15:49:17.0360 4768 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] C:\Program Files\Bonjour\mDNSResponder.exe
15:49:17.0360 4768 C:\Program Files\Bonjour\mDNSResponder.exe - ok
15:49:17.0360 4768 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] C:\Windows\System32\cryptsvc.dll
15:49:17.0360 4768 C:\Windows\System32\cryptsvc.dll - ok
15:49:17.0360 4768 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] C:\Windows\System32\dps.dll
15:49:17.0360 4768 C:\Windows\System32\dps.dll - ok
15:49:17.0376 4768 [ 802496CB59A30349F9A6DD22D6947644 ] C:\Windows\System32\FDResPub.dll
15:49:17.0376 4768 C:\Windows\System32\FDResPub.dll - ok
15:49:17.0376 4768 [ FCD84C381E0140AF901E58D48882D26B ] C:\Windows\System32\IKEEXT.DLL
15:49:17.0376 4768 C:\Windows\System32\IKEEXT.DLL - ok
15:49:17.0376 4768 [ 77B5035BC6EDF4D1B6265391AECEE4C0 ] C:\Windows\System32\vpnikeapi.dll
15:49:17.0376 4768 C:\Windows\System32\vpnikeapi.dll - ok
15:49:17.0376 4768 [ 0E1B02C9CC352A1F61703B7D1A8A2C45 ] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MobileDevice.dll
15:49:17.0376 4768 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MobileDevice.dll - ok
15:49:17.0376 4768 [ 7FA3A810F383588D46220967DE8B64FF ] C:\Windows\SysWOW64\wininet.dll
15:49:17.0376 4768 C:\Windows\SysWOW64\wininet.dll - ok
15:49:17.0376 4768 [ 780E80E5502015EDAEC91DC0A0C96A79 ] C:\Windows\SysWOW64\iertutil.dll
15:49:17.0376 4768 C:\Windows\SysWOW64\iertutil.dll - ok
15:49:17.0376 4768 [ 8792BAB371B4B1589E015B6FD1ED3B15 ] C:\Windows\System32\cryptnet.dll
15:49:17.0376 4768 C:\Windows\System32\cryptnet.dll - ok
15:49:17.0376 4768 [ 8AD77806D336673F270DB31645267293 ] C:\Windows\System32\nlasvc.dll
15:49:17.0376 4768 C:\Windows\System32\nlasvc.dll - ok
15:49:17.0392 4768 [ C55516D98DD5D8F0153C2A9B4227DA86 ] C:\Windows\System32\webservices.dll
15:49:17.0392 4768 C:\Windows\System32\webservices.dll - ok
15:49:17.0392 4768 [ B5055B51BAA0FD0A736A88653DA3C1C0 ] C:\Windows\System32\fundisc.dll
15:49:17.0392 4768 C:\Windows\System32\fundisc.dll - ok
15:49:17.0392 4768 [ 4581716B4BF76ACFD8E167EB0B26D82A ] C:\Windows\System32\fdPnp.dll
15:49:17.0392 4768 C:\Windows\System32\fdPnp.dll - ok
15:49:17.0392 4768 [ 1D626FE2E13C1CE49CA0136CFF214E93 ] C:\Windows\System32\spool\prtprocs\x64\winprint.dll
15:49:17.0392 4768 C:\Windows\System32\spool\prtprocs\x64\winprint.dll - ok
15:49:17.0392 4768 [ B9B72FAAAA41D59B73B88FE3DD737ED1 ] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
15:49:17.0392 4768 C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe - ok
15:49:17.0392 4768 [ 58F4493BF748A3A89689997B7BD00E95 ] C:\Windows\System32\winhttp.dll
15:49:17.0392 4768 C:\Windows\System32\winhttp.dll - ok
15:49:17.0392 4768 [ 603EBD34E216C5654A2D774EAC98D278 ] C:\Windows\System32\webio.dll
15:49:17.0392 4768 C:\Windows\System32\webio.dll - ok
15:49:17.0392 4768 [ BCEA9AB347E53BC03B2E36BE0B8BA0EF ] C:\Windows\System32\httpapi.dll
15:49:17.0392 4768 C:\Windows\System32\httpapi.dll - ok
15:49:17.0407 4768 [ 0353B239C28B0E9EBC7FA3D1F6181661 ] C:\Windows\System32\win32spl.dll
15:49:17.0407 4768 C:\Windows\System32\win32spl.dll - ok
15:49:17.0407 4768 [ 507D5567A0A4EE86C4B0CE2CE1777025 ] C:\Windows\System32\inetpp.dll
15:49:17.0407 4768 C:\Windows\System32\inetpp.dll - ok
15:49:17.0407 4768 [ 4266A3230981DD4434C55957F6DD497D ] C:\Windows\SysWOW64\urlmon.dll
15:49:17.0407 4768 C:\Windows\SysWOW64\urlmon.dll - ok
15:49:17.0407 4768 [ 58B61578D5704E9FC8B8A9861A85069D ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
15:49:17.0407 4768 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll - ok
15:49:17.0407 4768 [ AF54247F97CCF3539DE7505C09972FF9 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CFNetwork.dll
15:49:17.0407 4768 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CFNetwork.dll - ok
15:49:17.0407 4768 [ 8A1CBAE63FC06EDAEDCCE1B23E9C9267 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\SQLite3.dll
15:49:17.0407 4768 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\SQLite3.dll - ok
15:49:17.0407 4768 [ A90DC9ABD65DB1A8902F361103029952 ] C:\Windows\SysWOW64\IPHLPAPI.DLL
15:49:17.0407 4768 C:\Windows\SysWOW64\IPHLPAPI.DLL - ok
15:49:17.0407 4768 [ CFF35B879D1618D42C86644C717BA947 ] C:\Windows\SysWOW64\winnsi.dll
15:49:17.0407 4768 C:\Windows\SysWOW64\winnsi.dll - ok
15:49:17.0423 4768 [ C3C8D359D1FCB72941F75F8A302BFBDE ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
15:49:17.0423 4768 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll - ok
15:49:17.0423 4768 [ D4FAC263861BAE06971C7F7D0A8EBF15 ] C:\Windows\System32\ncsi.dll
15:49:17.0423 4768 C:\Windows\System32\ncsi.dll - ok
15:49:17.0423 4768 [ 0E2F58F6E698EDCB9E58FAD0CBCD0567 ] C:\Windows\System32\vssapi.dll
15:49:17.0423 4768 C:\Windows\System32\vssapi.dll - ok
15:49:17.0423 4768 [ 287923557447D7E4BDD7E65B1F0F5428 ] C:\Windows\System32\vsstrace.dll
15:49:17.0423 4768 C:\Windows\System32\vsstrace.dll - ok
15:49:17.0423 4768 [ 2BBF3FDB70B8965DFA0258CBAB41ECCE ] C:\Windows\System32\ssdpapi.dll
15:49:17.0423 4768 C:\Windows\System32\ssdpapi.dll - ok
15:49:17.0423 4768 [ 5672C775FAB584EB5BABBB79C74C530E ] C:\Program Files (x86)\Dell\Dell Datasafe Online\BuEng.dll
15:49:17.0423 4768 C:\Program Files (x86)\Dell\Dell Datasafe Online\BuEng.dll - ok
15:49:17.0423 4768 [ E36112A8A6C7F840169A7E92C12F4203 ] C:\Windows\System32\wsock32.dll
15:49:17.0423 4768 C:\Windows\System32\wsock32.dll - ok
15:49:17.0423 4768 [ 1727B2A2F379A32B864C096FA794AADC ] C:\Windows\System32\aepic.dll
15:49:17.0423 4768 C:\Windows\System32\aepic.dll - ok
15:49:17.0438 4768 [ 68769C3356B3BE5D1C732C97B9A80D6E ] C:\Windows\System32\drivers\PEAuth.sys
15:49:17.0438 4768 C:\Windows\System32\drivers\PEAuth.sys - ok
15:49:17.0438 4768 [ 3EA8A16169C26AFBEB544E0E48421186 ] C:\Windows\System32\drivers\secdrv.sys
15:49:17.0438 4768 C:\Windows\System32\drivers\secdrv.sys - ok
15:49:17.0438 4768 [ C6DCD1D11ED6827F05C00773C3E7053C ] C:\Windows\System32\sfc.dll
15:49:17.0438 4768 C:\Windows\System32\sfc.dll - ok
15:49:17.0438 4768 [ 895C9AB0A855547445C4181195230757 ] C:\Windows\System32\sfc_os.dll
15:49:17.0438 4768 C:\Windows\System32\sfc_os.dll - ok
15:49:17.0438 4768 [ 4215C271D6E6898C3F4DABAB4F387DC9 ] C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
15:49:17.0438 4768 C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe - ok
15:49:17.0438 4768 [ A543AC1F7138376D778D630A35FCBC4C ] C:\Windows\SysWOW64\psapi.dll
15:49:17.0438 4768 C:\Windows\SysWOW64\psapi.dll - ok
15:49:17.0438 4768 [ FF5688D309347F2720911D8796912834 ] C:\Windows\SysWOW64\clbcatq.dll
15:49:17.0438 4768 C:\Windows\SysWOW64\clbcatq.dll - ok
15:49:17.0438 4768 [ 27E461F0BE5BFF5FC737328F749538C3 ] C:\Windows\System32\drivers\srvnet.sys
15:49:17.0438 4768 C:\Windows\System32\drivers\srvnet.sys - ok
15:49:17.0454 4768 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] C:\Windows\System32\sysmain.dll
15:49:17.0454 4768 C:\Windows\System32\sysmain.dll - ok
15:49:17.0454 4768 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] C:\Windows\System32\wiaservc.dll
15:49:17.0454 4768 C:\Windows\System32\wiaservc.dll - ok
15:49:17.0454 4768 [ 0364256B4A2A93A8C8CDA6B3B5A0EFF5 ] C:\Windows\System32\wiatrace.dll
15:49:17.0454 4768 C:\Windows\System32\wiatrace.dll - ok
15:49:17.0454 4768 [ 7321F18D1F820612ED0E9F2D4B578A7E ] C:\Windows\SysWOW64\cryptsp.dll
15:49:17.0454 4768 C:\Windows\SysWOW64\cryptsp.dll - ok
15:49:17.0454 4768 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] C:\Windows\System32\drivers\tcpipreg.sys
15:49:17.0454 4768 C:\Windows\System32\drivers\tcpipreg.sys - ok
15:49:17.0454 4768 [ 2540B8EB36235449DF2509F099A8FE01 ] C:\Program Files (x86)\Dell DataSafe Local Backup\SDSSmartRepairTools.dll
15:49:17.0454 4768 C:\Program Files (x86)\Dell DataSafe Local Backup\SDSSmartRepairTools.dll - ok
15:49:17.0454 4768 [ 5997D769CDB108390DCFAEBF442BF816 ] C:\Windows\SysWOW64\RpcRtRemote.dll
15:49:17.0454 4768 C:\Windows\SysWOW64\RpcRtRemote.dll - ok
15:49:17.0454 4768 [ ED8EC63F7522DF4852147C84EC62C36A ] C:\Windows\SysWOW64\rsaenh.dll
15:49:17.0454 4768 C:\Windows\SysWOW64\rsaenh.dll - ok
15:49:17.0470 4768 [ 0A2E3899CC72AD4CC85EA3D50A5331CC ] C:\Windows\System32\drivers\tmwfp.sys
15:49:17.0470 4768 C:\Windows\System32\drivers\tmwfp.sys - ok
15:49:17.0470 4768 [ FDC385A0F7D7DD880C4622D1DF08ABE9 ] C:\Windows\System32\ntprint.dll
15:49:17.0470 4768 C:\Windows\System32\ntprint.dll - ok
15:49:17.0470 4768 [ 210FCACAF902B2CD47CF9FD17D846146 ] C:\Windows\System32\aeevts.dll
15:49:17.0470 4768 C:\Windows\System32\aeevts.dll - ok
15:49:17.0470 4768 [ C5B0324DB461559ADD070E632A6919FA ] C:\Windows\SysWOW64\wbem\wbemprox.dll
15:49:17.0470 4768 C:\Windows\SysWOW64\wbem\wbemprox.dll - ok
15:49:17.0470 4768 [ 704314FD398C81D5F342CAA5DF7B7F21 ] C:\Windows\SysWOW64\wbemcomn.dll
15:49:17.0470 4768 C:\Windows\SysWOW64\wbemcomn.dll - ok
15:49:17.0470 4768 [ 418E881201583A3039D81F43E39E6C78 ] C:\Windows\SysWOW64\winsta.dll
15:49:17.0470 4768 C:\Windows\SysWOW64\winsta.dll - ok
15:49:17.0470 4768 [ 21D3A18769EC2C4E56756D04E989A221 ] C:\Windows\SysWOW64\msxml3.dll
15:49:17.0470 4768 C:\Windows\SysWOW64\msxml3.dll - ok
15:49:17.0470 4768 [ 7E7AFD841694F6AC397E99D75CEAD49D ] C:\Windows\System32\trkwks.dll
15:49:17.0470 4768 C:\Windows\System32\trkwks.dll - ok
15:49:17.0470 4768 [ 19B07E7E8915D701225DA41CB3877306 ] C:\Windows\System32\wbem\WMIsvc.dll
15:49:17.0470 4768 C:\Windows\System32\wbem\WMIsvc.dll - ok
15:49:17.0485 4768 [ 7DB5AA22A8A8E5C2D335F44853C1F6DE ] C:\Windows\System32\wbemcomn.dll
15:49:17.0485 4768 C:\Windows\System32\wbemcomn.dll - ok
15:49:17.0485 4768 [ 3DB45948974EF42289E8E12FCE02DA9D ] C:\Program Files\RealVNC\VNC4\winvnc4.exe
15:49:17.0485 4768 C:\Program Files\RealVNC\VNC4\winvnc4.exe - ok
15:49:17.0485 4768 [ 5EB55F661DEBF156E126160BCD4D89F8 ] C:\Windows\System32\wbem\wbemcore.dll
15:49:17.0485 4768 C:\Windows\System32\wbem\wbemcore.dll - ok
15:49:17.0485 4768 [ 0255C22D99602534F15CBB8D9B6F152F ] C:\Windows\System32\wbem\WinMgmtR.dll
15:49:17.0485 4768 C:\Windows\System32\wbem\WinMgmtR.dll - ok
15:49:17.0485 4768 [ 0C52762C606BCF6A377D5E4688191A6B ] C:\Windows\System32\wbem\WmiDcPrv.dll
15:49:17.0485 4768 C:\Windows\System32\wbem\WmiDcPrv.dll - ok
15:49:17.0485 4768 [ 863F793D15B4026B1A5FDECA873D4D84 ] C:\Windows\SysWOW64\apphelp.dll
15:49:17.0485 4768 C:\Windows\SysWOW64\apphelp.dll - ok
15:49:17.0485 4768 [ DED91C4B37C2ECED44736481B15E5A7C ] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe
15:49:17.0485 4768 C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe - ok
15:49:17.0485 4768 [ 087D8668C71634A3A3761135ABF16EEE ] C:\Windows\System32\wbem\esscli.dll
15:49:17.0485 4768 C:\Windows\System32\wbem\esscli.dll - ok
15:49:17.0501 4768 [ A3F5E8EC1316C3E2562B82694A251C9E ] C:\Windows\System32\wbem\fastprox.dll
15:49:17.0501 4768 C:\Windows\System32\wbem\fastprox.dll - ok
15:49:17.0501 4768 [ 43964FA89CCF97BA6BE34D69455AC65F ] C:\Windows\SysWOW64\uxtheme.dll
15:49:17.0501 4768 C:\Windows\SysWOW64\uxtheme.dll - ok
15:49:17.0501 4768 [ BA90DF05FA2E9A2C15F3A74825315BD0 ] C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
15:49:17.0501 4768 C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe - ok
15:49:17.0501 4768 [ 12C45E3CB6D65F73209549E2D02ECA7A ] C:\Windows\SysWOW64\propsys.dll
15:49:17.0501 4768 C:\Windows\SysWOW64\propsys.dll - ok
15:49:17.0501 4768 [ 352B3DC62A0D259A82A052238425C872 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
15:49:17.0501 4768 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll - ok
15:49:17.0501 4768 [ C107C05123E30747A4B63A9C560BAB08 ] C:\Program Files (x86)\Dell DataSafe Local Backup\RPLauncher.exe
15:49:17.0501 4768 C:\Program Files (x86)\Dell DataSafe Local Backup\RPLauncher.exe - ok
15:49:17.0501 4768 [ 5466DCAEF5A648E04D1B6580F2C901B5 ] C:\Windows\SysWOW64\ieframe.dll
15:49:17.0501 4768 C:\Windows\SysWOW64\ieframe.dll - ok
15:49:17.0501 4768 [ D1DE1EAFDE97BE41CF6585027FF3E732 ] C:\Windows\SysWOW64\comdlg32.dll
15:49:17.0501 4768 C:\Windows\SysWOW64\comdlg32.dll - ok
15:49:17.0517 4768 [ 18AB2E5A40064ED5F7791AC5946A90F3 ] C:\Windows\SysWOW64\msimg32.dll
15:49:17.0517 4768 C:\Windows\SysWOW64\msimg32.dll - ok
15:49:17.0517 4768 [ BDAC1AA64495D0F7E1FF810EBBF1F018 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
15:49:17.0517 4768 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll - ok
15:49:17.0517 4768 [ F205CD085B25CFC491908EFE4E8AB8F5 ] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
15:49:17.0517 4768 C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe - ok
15:49:17.0517 4768 [ 9E4B0E7472B4CEBA9E17F440B8CB0AB8 ] C:\Windows\SysWOW64\winspool.drv
15:49:17.0517 4768 C:\Windows\SysWOW64\winspool.drv - ok
15:49:17.0517 4768 [ D83947A58613E9091B4C9CC0F1546A8D ] C:\Windows\SysWOW64\mscoree.dll
15:49:17.0517 4768 C:\Windows\SysWOW64\mscoree.dll - ok
15:49:17.0517 4768 [ 7717F84F483002815490033BF069DABD ] C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\GdiPlus.dll
15:49:17.0517 4768 C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\GdiPlus.dll - ok
15:49:17.0517 4768 [ F5DF6846F30E9F54EA60CCAEB3FB2055 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
15:49:17.0517 4768 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll - ok
15:49:17.0532 4768 [ 8B92BED5B8D4A8480E7AA631F35A6F35 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
15:49:17.0532 4768 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll - ok
15:49:17.0532 4768 [ 8E01332CC4B68BC6B5B7EFFE374442AA ] C:\Windows\SysWOW64\oleacc.dll
15:49:17.0532 4768 C:\Windows\SysWOW64\oleacc.dll - ok
15:49:17.0532 4768 [ 936F728E04ACCF3F38801CFFCF1E3F40 ] C:\Windows\SysWOW64\oledlg.dll
15:49:17.0532 4768 C:\Windows\SysWOW64\oledlg.dll - ok
15:49:17.0532 4768 [ C3E39FB1398EEE8E612C2FE53A9192EF ] C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
15:49:17.0532 4768 C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll - ok
15:49:17.0532 4768 [ A113AFEED3159A1ED52D78CB0226006D ] C:\Windows\SysWOW64\secur32.dll
15:49:17.0938 4768 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe - ok
15:49:17.0938 4768 [ 4164A47F3A2DA7EA44572904C3DF44A4 ] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
15:49:17.0938 4768 C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe - ok
15:49:17.0953 4768 [ 8494E126F0B10180F3293AF861CE1F7A ] C:\Windows\System32\mlang.dll
15:49:17.0953 4768 C:\Windows\System32\mlang.dll - ok
15:49:17.0953 4768 [ 10AC5CE9F78DC281A1BBD9B8CC587B8A ] C:\Windows\System32\msacm32.dll
15:49:17.0953 4768 C:\Windows\System32\msacm32.dll - ok
15:49:17.0953 4768 [ 1B7C3A37362C7B2890168C5FC61C8D9B ] C:\Windows\System32\msacm32.drv
15:49:17.0953 4768 C:\Windows\System32\msacm32.drv - ok
15:49:17.0953 4768 [ 561FA2ABB31DFA8FAB762145F81667C2 ] C:\Windows\SysWOW64\msvcp71.dll
15:49:17.0953 4768 C:\Windows\SysWOW64\msvcp71.dll - ok
15:49:17.0953 4768 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Windows\SysWOW64\msvcr71.dll
15:49:17.0953 4768 C:\Windows\SysWOW64\msvcr71.dll - ok
15:49:17.0953 4768 [ 919001D2BB17DF06CA3F8AC16AD039F6 ] C:\Windows\SysWOW64\sxs.dll
15:49:17.0953 4768 C:\Windows\SysWOW64\sxs.dll - ok
15:49:17.0953 4768 [ 1F5A26DF97C33CD24A8ED4D4A1FF1348 ] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
15:49:17.0953 4768 C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe - ok
15:49:17.0953 4768 [ 53E81C75B3C260C8FE9FD9ED4D8DB8F0 ] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\AS_Storage_w32.dll
15:49:17.0953 4768 C:\Program Files (x86)\Roxio\OEM\Roxio Burn\AS_Storage_w32.dll - ok
15:49:17.0969 4768 [ 205D43DD91BCD857BCA16FF16EF6DE20 ] C:\Program Files\Trend Micro\AMSP\outer_AMSP_ClientLibrary.dll
15:49:17.0969 4768 C:\Program Files\Trend Micro\AMSP\outer_AMSP_ClientLibrary.dll - ok
15:49:17.0969 4768 [ CA2A0750ED830678997695FF61B04C30 ] C:\Windows\System32\midimap.dll
15:49:17.0969 4768 C:\Windows\System32\midimap.dll - ok
15:49:17.0969 4768 [ 0E34B7BB1FCF22BCC1E394D16F9E992B ] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
15:49:17.0969 4768 C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe - ok
15:49:17.0969 4768 [ 5EDBB34736DD7AC1A73CF8792A835E10 ] C:\Windows\System32\AudioEng.dll
15:49:17.0969 4768 C:\Windows\System32\AudioEng.dll - ok
15:49:17.0969 4768 [ F1278B3514EA6FA9BC39B20D26139AAC ] C:\Windows\SysWOW64\msiltcfg.dll
15:49:17.0969 4768 C:\Windows\SysWOW64\msiltcfg.dll - ok
15:49:17.0969 4768 [ 3CB07566302BCEEB898DE270A0BEC175 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
15:49:17.0969 4768 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe - ok
15:49:17.0969 4768 [ C26B09276755E0698B31CF0BAE0BF182 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
15:49:17.0969 4768 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe - ok
15:49:17.0969 4768 [ B9E362680ADB83F0E0134F4567DBF656 ] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\DLLShared\LayoutDLL12OEM.dll
15:49:17.0969 4768 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\DLLShared\LayoutDLL12OEM.dll - ok
15:49:17.0985 4768 [ E4401CF27225C1D6E664E86195978562 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
15:49:17.0985 4768 C:\Program Files (x86)\iTunes\iTunesHelper.exe - ok
15:49:17.0985 4768 [ 12916E0642E92561C98B18A2A2D01B14 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
15:49:17.0985 4768 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe - ok
15:49:17.0985 4768 [ 198552AEFECA69D646867EC8D792DE95 ] C:\Windows\SysWOW64\ddraw.dll
15:49:17.0985 4768 C:\Windows\SysWOW64\ddraw.dll - ok
15:49:17.0985 4768 [ C85ECCBAA179719E658FFDBF99221E1E ] C:\Program Files (x86)\iTunes\iTunesHelper.dll
15:49:17.0985 4768 C:\Program Files (x86)\iTunes\iTunesHelper.dll - ok
15:49:17.0985 4768 [ 5112FBD9885D79A9FC73BDE9B1EF9334 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon_main.dll
15:49:17.0985 4768 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon_main.dll - ok
15:49:17.0985 4768 [ 814A169C40B55178BD8E1F79D1ADA649 ] C:\Program Files (x86)\iTunes\iTunesHelper.Resources\iTunesHelper.dll
15:49:17.0985 4768 C:\Program Files (x86)\iTunes\iTunesHelper.Resources\iTunesHelper.dll - ok
15:49:17.0985 4768 [ C1395286B822E306B4FE1568A8A77813 ] C:\Windows\System32\AUDIOKSE.dll
15:49:17.0985 4768 C:\Windows\System32\AUDIOKSE.dll - ok
15:49:18.0000 4768 [ A6C29DB53ECA94FA8591C5388D604B82 ] C:\Windows\SysWOW64\msi.dll
15:49:18.0000 4768 C:\Windows\SysWOW64\msi.dll - ok
15:49:18.0000 4768 [ 9DF319F1C2D4B80D8CE8214EA4899ADF ] C:\Program Files (x86)\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.dll
15:49:18.0000 4768 C:\Program Files (x86)\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.dll - ok
15:49:18.0000 4768 [ 717484C33B2993DEC02A3DEB44E74534 ] C:\Program Files\Trend Micro\AMSP\utilIPC.dll
15:49:18.0000 4768 C:\Program Files\Trend Micro\AMSP\utilIPC.dll - ok
15:49:18.0000 4768 [ A51A7D0C82C93827532DF3B8FE7804EA ] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\DLLShared\CPSCommonTools12OEM.dll
15:49:18.0000 4768 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\DLLShared\CPSCommonTools12OEM.dll - ok
15:49:18.0000 4768 [ 559BCDFE4F46B4AD2CAC0528A9BCB7AA ] C:\Program Files\Trend Micro\AMSP\utilRPC.dll
15:49:18.0000 4768 C:\Program Files\Trend Micro\AMSP\utilRPC.dll - ok
15:49:18.0000 4768 [ AA0B1A7B4750F655936F2F82B5E84428 ] C:\Windows\System32\CX64AP40.dll
15:49:18.0000 4768 C:\Windows\System32\CX64AP40.dll - ok
15:49:18.0000 4768 [ F35A584E947A5B401FEB0FE01DB4A0D7 ] C:\Program Files (x86)\CyberLink\PowerDVD DX\MFC71.dll
15:49:18.0000 4768 C:\Program Files (x86)\CyberLink\PowerDVD DX\MFC71.dll - ok
15:49:18.0000 4768 [ 55E5B32AE8D1F51A63C82919656FD275 ] C:\Windows\SysWOW64\dciman32.dll
15:49:18.0000 4768 C:\Windows\SysWOW64\dciman32.dll - ok
15:49:18.0016 4768 [ 6693F4D635561B765AC40CE754187AA8 ] C:\Program Files\Trend Micro\AMSP\utilAccessControl.dll
15:49:18.0016 4768 C:\Program Files\Trend Micro\AMSP\utilAccessControl.dll - ok
15:49:18.0016 4768 [ 3B1247FC09F82A1ECD1294EA13C79C3E ] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\DLLShared\roxippEMC12.dll
15:49:18.0016 4768 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\DLLShared\roxippEMC12.dll - ok
15:49:18.0016 4768 [ 442235AC4F20B195F932990CAE47408E ] C:\Windows\winsxs\amd64_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_bc20f59b0bdd1acd\mfc80ENU.dll
15:49:18.0016 4768 C:\Windows\winsxs\amd64_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_bc20f59b0bdd1acd\mfc80ENU.dll - ok
15:49:18.0016 4768 [ CE73DA166252C7C45097757F2E52133F ] C:\Program Files\Trend Micro\AMSP\instInstallationLibrary.dll
15:49:18.0016 4768 C:\Program Files\Trend Micro\AMSP\instInstallationLibrary.dll - ok
15:49:18.0016 4768 [ 2AB03159D5F1CC8256AA0C0A904D107F ] C:\Program Files\Trend Micro\UniClient\UiFrmwrk\utilUIProfile.dll
15:49:18.0016 4768 C:\Program Files\Trend Micro\UniClient\UiFrmwrk\utilUIProfile.dll - ok
15:49:18.0016 4768 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Program Files (x86)\CyberLink\PowerDVD DX\msvcr71.dll
15:49:18.0016 4768 C:\Program Files (x86)\CyberLink\PowerDVD DX\msvcr71.dll - ok
15:49:18.0016 4768 [ 6F3C559B82F2912354BE5B098744CC8C ] C:\Windows\System32\WMALFXGFXDSP.dll
15:49:18.0016 4768 C:\Windows\System32\WMALFXGFXDSP.dll - ok
15:49:18.0031 4768 [ 561FA2ABB31DFA8FAB762145F81667C2 ] C:\Program Files (x86)\CyberLink\PowerDVD DX\msvcp71.dll
15:49:18.0031 4768 C:\Program Files (x86)\CyberLink\PowerDVD DX\msvcp71.dll - ok
15:49:18.0031 4768 [ BAF751E7061FF626AA60F56D1D5D1FDC ] C:\Windows\SysWOW64\MFC71ENU.DLL
15:49:18.0031 4768 C:\Windows\SysWOW64\MFC71ENU.DLL - ok
15:49:18.0031 4768 [ 5AA4DF6CD3C96086955064BEC1CD0C9B ] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
15:49:18.0031 4768 C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe - ok
15:49:18.0031 4768 [ 1C770610954E0A93C185E310DCA660ED ] C:\Program Files (x86)\CyberLink\PowerDVD DX\Kernel\common\CLRCEngine3.dll
15:49:18.0031 4768 C:\Program Files (x86)\CyberLink\PowerDVD DX\Kernel\common\CLRCEngine3.dll - ok
15:49:18.0031 4768 [ 2640AD05AB39321E6C9D3C71236CA0DF ] C:\Windows\SysWOW64\Comctl32.ocx
15:49:18.0031 4768 C:\Windows\SysWOW64\Comctl32.ocx - ok
15:49:18.0031 4768 [ 54B5DCD55B223BC5DF50B82E1E9E86B1 ] C:\Windows\System32\mfplat.dll
15:49:18.0031 4768 C:\Windows\System32\mfplat.dll - ok
15:49:18.0031 4768 [ F146E2BA475893DD77B2370DC1211FC6 ] C:\Windows\System32\drivers\51486412.sys
15:49:18.0031 4768 C:\Windows\System32\drivers\51486412.sys - ok
15:49:18.0031 4768 [ 81ADBC4E31A721AEF23251A952049BA2 ] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
15:49:18.0031 4768 C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe - ok
15:49:18.0047 4768 [ 4C39358EBDD2FFCD9132A30E1EC31E16 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
15:49:18.0047 4768 C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll - ok
15:49:18.0047 4768 [ 088CF5B6380FB9002F2A4246F812225D ] C:\Windows\SysWOW64\asycfilt.dll
15:49:18.0047 4768 C:\Windows\SysWOW64\asycfilt.dll - ok
15:49:18.0047 4768 [ 1BC8A289BFDE02DF0DA6C06689FA89C3 ] C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\homepermitsconfig13.dll
15:49:18.0047 4768 C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\homepermitsconfig13.dll - ok
15:49:18.0047 4768 [ 837115C004022C7C9317848645D714FD ] C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\rsl.dll
15:49:18.0047 4768 C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\rsl.dll - ok
15:49:18.0047 4768 [ 2FCA0D2C59A855C54BAFA22AA329DF0F ] C:\Windows\SysWOW64\netapi32.dll
15:49:18.0047 4768 C:\Windows\SysWOW64\netapi32.dll - ok
15:49:18.0047 4768 [ 703FFD301AB900B047337C5D40FD6F96 ] C:\Windows\SysWOW64\olepro32.dll
15:49:18.0047 4768 C:\Windows\SysWOW64\olepro32.dll - ok
15:49:18.0047 4768 [ E5A4A1326A02F8E7B59E6C3270CE7202 ] C:\Windows\SysWOW64\wkscli.dll
15:49:18.0047 4768 C:\Windows\SysWOW64\wkscli.dll - ok
15:49:18.0063 4768 [ 6046C98205A35C2CEC330B15F88D4443 ] C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
15:49:18.0063 4768 C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll - ok
15:49:18.0063 4768 [ 1220595CABA75AB91A6B3FA3B89483CC ] C:\Windows\SysWOW64\snmpapi.dll
15:49:18.0063 4768 C:\Windows\SysWOW64\snmpapi.dll - ok
15:49:18.0063 4768 [ 5BD85ABB12E057257D9D93C0838ABC0B ] C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\rcsl.dll
15:49:18.0063 4768 C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\rcsl.dll - ok
15:49:18.0063 4768 [ 484ACF6AF85A29AC52F3CF054DFDE9D3 ] C:\Windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\wordicon.exe
15:49:18.0063 4768 C:\Windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\wordicon.exe - ok
15:49:18.0063 4768 [ E325D1DB76B13B33692D6318F67DC4EC ] C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SonicHTTPClient13.dll
15:49:18.0063 4768 C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SonicHTTPClient13.dll - ok
15:49:18.0063 4768 [ 8F17CA7CD61AF4602FC88647BAEA9F54 ] C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SonicLicenseManager13.dll
15:49:18.0063 4768 C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SonicLicenseManager13.dll - ok
15:49:18.0063 4768 [ 21EF4BB2A6FF4116FD83FAEE52D4A416 ] C:\Windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\xlicons.exe
15:49:18.0063 4768 C:\Windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\xlicons.exe - ok
15:49:18.0063 4768 [ E2A17BCC08D92F42E08AF6BA2F93ABA7 ] C:\Windows\SysWOW64\ExplorerFrame.dll
15:49:18.0063 4768 C:\Windows\SysWOW64\ExplorerFrame.dll - ok
15:49:18.0078 4768 [ 012787CEB35505EB78DF82E0A0072888 ] C:\Windows\System32\browcli.dll
15:49:18.0078 4768 C:\Windows\System32\browcli.dll - ok
15:49:18.0078 4768 [ C4BFE4B61086416B0529212F92BCE081 ] C:\Windows\System32\schedcli.dll
15:49:18.0078 4768 C:\Windows\System32\schedcli.dll - ok
15:49:18.0078 4768 [ 807B6562009E5858C93E1C0F435C0382 ] C:\Windows\SysWOW64\netbios.dll
15:49:18.0078 4768 C:\Windows\SysWOW64\netbios.dll - ok
15:49:18.0078 4768 [ CF8D43B5CE132414CC0667E9C5EB5574 ] C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\homepermitsconfig12OEM.dll
15:49:18.0078 4768 C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\homepermitsconfig12OEM.dll - ok
15:49:18.0078 4768 [ 72E6BB97A33137004FAC46CA43938F6C ] C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SonicHTTPClient12OEM.dll
15:49:18.0078 4768 C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SonicHTTPClient12OEM.dll - ok
15:49:18.0078 4768 [ 6CE25A4F4F2F70EBF004C9006C647F32 ] C:\Windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pubs.exe
15:49:18.0078 4768 C:\Windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pubs.exe - ok
15:49:18.0078 4768 [ 6E1F8165C365D35C8E3C045AF0CDD481 ] C:\Windows\SysWOW64\duser.dll
15:49:18.0078 4768 C:\Windows\SysWOW64\duser.dll - ok
15:49:18.0094 4768 [ EE06B85BC69F18826302348A2AD089E0 ] C:\Windows\SysWOW64\dui70.dll
15:49:18.0094 4768 C:\Windows\SysWOW64\dui70.dll - ok
15:49:18.0094 4768 [ 132AB9DB9A673FC20EE2D786E8CEC447 ] C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SonicLicenseManager12OEM.dll
15:49:18.0094 4768 C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SonicLicenseManager12OEM.dll - ok
15:49:18.0094 4768 [ C0F4A57BA5E09A28AE3D2F67ED219EEA ] C:\Windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pptico.exe
15:49:18.0094 4768 C:\Windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pptico.exe - ok
15:49:18.0094 4768 [ 3819AD4329303EAC88480CA16A650735 ] C:\Windows\System32\UIAnimation.dll
15:49:18.0094 4768 C:\Windows\System32\UIAnimation.dll - ok
15:49:18.0094 4768 [ 08457294C7E98C5D3E5EE8CDC25FA537 ] C:\Windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\accicons.exe
15:49:18.0094 4768 C:\Windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\accicons.exe - ok
15:49:18.0094 4768 [ D1BBE227367ED791D5FCF08E132D2956 ] C:\Windows\SysWOW64\opengl32.dll
15:49:18.0094 4768 C:\Windows\SysWOW64\opengl32.dll - ok
15:49:18.0094 4768 [ DE3897365B04C4DA1CF8FF725577C082 ] C:\Windows\SysWOW64\glu32.dll
15:49:18.0094 4768 C:\Windows\SysWOW64\glu32.dll - ok
15:49:18.0094 4768 [ 5987EA8A82C53359BCD2C29D6588583E ] C:\Windows\SysWOW64\linkinfo.dll
15:49:18.0094 4768 C:\Windows\SysWOW64\linkinfo.dll - ok
15:49:18.0109 4768 [ E2C48CD0132D4D1DC7D0DF9A6BEF686A ] C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80u.dll
15:49:18.0109 4768 C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80u.dll - ok
15:49:18.0109 4768 [ 0D286C0FE561D1A7EB30E83A0FF305B2 ] C:\Program Files (x86)\Internet Explorer\iexplore.exe
15:49:18.0109 4768 C:\Program Files (x86)\Internet Explorer\iexplore.exe - ok
15:49:18.0109 4768 [ 96F8E8118661EC51D47719F037EBFD12 ] C:\Program Files\Trend Micro\Titanium\UIFramework\utilJsonHandle.dll
15:49:18.0109 4768 C:\Program Files\Trend Micro\Titanium\UIFramework\utilJsonHandle.dll - ok
15:49:18.0109 4768 [ 4275701172E647D59623D42734E132AF ] C:\Program Files\Trend Micro\Titanium\UIFramework\outer_AMSP_ClientLibrary.dll
15:49:18.0109 4768 C:\Program Files\Trend Micro\Titanium\UIFramework\outer_AMSP_ClientLibrary.dll - ok
15:49:18.0109 4768 [ ADE6A6FEBF1FC2B7080636B9051582EA ] C:\Program Files\Trend Micro\Titanium\UIFramework\utilMsgBuffer.dll
15:49:18.0109 4768 C:\Program Files\Trend Micro\Titanium\UIFramework\utilMsgBuffer.dll - ok
15:49:18.0109 4768 [ BECEEE04AAB6388B66D1FCBD2A9F19A1 ] C:\Windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\outicon.exe
15:49:18.0109 4768 C:\Windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\outicon.exe - ok
15:49:18.0109 4768 [ ACE195303472D15FA4B6BEE30F319657 ] C:\Program Files\Trend Micro\Titanium\UIFramework\utilIPC.dll
15:49:18.0109 4768 C:\Program Files\Trend Micro\Titanium\UIFramework\utilIPC.dll - ok
15:49:18.0125 4768 [ 08875F073FD0AA75BD81EFC6AA955F20 ] C:\Program Files\Trend Micro\Titanium\UIFramework\utilThread.dll
15:49:18.0125 4768 C:\Program Files\Trend Micro\Titanium\UIFramework\utilThread.dll - ok
15:49:18.0125 4768 [ 794B73472A43C9E18DE264340096D58C ] C:\Program Files\Trend Micro\Titanium\UIFramework\utilRPC.dll
15:49:18.0125 4768 C:\Program Files\Trend Micro\Titanium\UIFramework\utilRPC.dll - ok
15:49:18.0125 4768 [ F9909B83C000A953F21B2358494C0E19 ] C:\Program Files\Trend Micro\Titanium\UIFramework\utilAccessControl.dll
15:49:18.0125 4768 C:\Program Files\Trend Micro\Titanium\UIFramework\utilAccessControl.dll - ok
15:49:18.0125 4768 [ 57BBB3DB2D8D1949D11964FCE332D7CD ] C:\Program Files\Trend Micro\Titanium\UIFramework\utilInstallation.dll
15:49:18.0125 4768 C:\Program Files\Trend Micro\Titanium\UIFramework\utilInstallation.dll - ok
15:49:18.0125 4768 [ C2F5DFC47BCA388DFAB8236FE1B38A98 ] C:\Program Files\Trend Micro\Titanium\UIFramework\utilComponentInfo.dll
15:49:18.0125 4768 C:\Program Files\Trend Micro\Titanium\UIFramework\utilComponentInfo.dll - ok
15:49:18.0125 4768 [ F6FD82845D9A0D3DE9294CB8743FB1FE ] C:\Program Files\Trend Micro\Titanium\UIFramework\utilGenericLoader.dll
15:49:18.0125 4768 C:\Program Files\Trend Micro\Titanium\UIFramework\utilGenericLoader.dll - ok
15:49:18.0125 4768 [ 8CD1DEE212E52B9C22E66DBA44991D32 ] C:\Windows\SysWOW64\httpapi.dll
15:49:18.0125 4768 C:\Windows\SysWOW64\httpapi.dll - ok
15:49:18.0141 4768 [ 28A09777D2D952122567A8A82F1A2C7B ] C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80ENU.dll
15:49:18.0141 4768 C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80ENU.dll - ok
15:49:18.0141 4768 [ AB781C0E4C09E08F464081D17C0F6184 ] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll
15:49:18.0141 4768 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll - ok
15:49:18.0141 4768 [ 1578ED9A1C0AA2A32461072B2BC8123C ] C:\Program Files\Trend Micro\Titanium\UIFramework\instInstallationLibrary.dll
15:49:18.0141 4768 C:\Program Files\Trend Micro\Titanium\UIFramework\instInstallationLibrary.dll - ok
15:49:18.0141 4768 [ 0F261EC4F514926177C70C1832374231 ] C:\Program Files\iPod\bin\iPodService.exe
15:49:18.0141 4768 C:\Program Files\iPod\bin\iPodService.exe - ok
15:49:18.0141 4768 [ 5EF8A000C7927E87332D8CB6B7970067 ] C:\Program Files\iPod\bin\iPodService.Resources\iPodService.dll
15:49:18.0141 4768 C:\Program Files\iPod\bin\iPodService.Resources\iPodService.dll - ok
15:49:18.0141 4768 [ E0B340996A41C9A75DFA3B99BBA9C500 ] C:\Windows\System32\SearchIndexer.exe
15:49:18.0141 4768 C:\Windows\System32\SearchIndexer.exe - ok
15:49:18.0141 4768 [ 763E2BBEFCD523AB3B7163A5671BF5EF ] C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.dll
15:49:18.0141 4768 C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.dll - ok
15:49:18.0141 4768 [ 589DF683A6C81424A6CECE52ABF98A50 ] C:\Windows\System32\tquery.dll
15:49:18.0141 4768 C:\Windows\System32\tquery.dll - ok
15:49:18.0156 4768 [ 7568CC720ACE4D03B84AF97817E745EF ] C:\Windows\System32\mssrch.dll
15:49:18.0156 4768 C:\Windows\System32\mssrch.dll - ok
15:49:18.0156 4768 [ 522B0466ED967A0762E9AF5B37D8F40A ] C:\Windows\System32\esent.dll
15:49:18.0156 4768 C:\Windows\System32\esent.dll - ok
15:49:18.0156 4768 [ 3121A79D13A61562BE9CC902CD46B542 ] C:\Windows\System32\msidle.dll
15:49:18.0156 4768 C:\Windows\System32\msidle.dll - ok
15:49:18.0156 4768 [ ACE1BB07E0377E37A2C514CD2EC119B1 ] C:\Windows\System32\mssprxy.dll
15:49:18.0156 4768 C:\Windows\System32\mssprxy.dll - ok
15:49:18.0156 4768 [ C9FB9038B15036CA28CF0B4BE2BED9BD ] C:\Windows\System32\en-US\tquery.dll.mui
15:49:18.0156 4768 C:\Windows\System32\en-US\tquery.dll.mui - ok
15:49:18.0156 4768 [ F832EEEA97CDDA1AF577E721F652A0D1 ] C:\Windows\System32\batmeter.dll
15:49:18.0156 4768 C:\Windows\System32\batmeter.dll - ok
15:49:18.0156 4768 [ C3761661C17C2248A9379A8FB89E3DE1 ] C:\Windows\System32\stobject.dll
15:49:18.0156 4768 C:\Windows\System32\stobject.dll - ok
15:49:18.0156 4768 [ 2D2A6EC8EAD30EC3ACE2FD6FB1B3E122 ] C:\Windows\System32\prnfldr.dll
15:49:18.0156 4768 C:\Windows\System32\prnfldr.dll - ok
15:49:18.0172 4768 [ 42A9CB6906D9A8BEDC83B57163E62924 ] C:\Windows\System32\DXP.dll
15:49:18.0172 4768 C:\Windows\System32\DXP.dll - ok
15:49:18.0172 4768 [ 2BC7C9FD0A9F2C9AFC373F3AD1EE3891 ] C:\Windows\System32\Syncreg.dll
15:49:18.0172 4768 C:\Windows\System32\Syncreg.dll - ok
15:49:18.0172 4768 [ C836175870E00ACC546066632E15BD10 ] C:\Windows\ehome\ehSSO.dll
15:49:18.0172 4768 C:\Windows\ehome\ehSSO.dll - ok
15:49:18.0172 4768 [ A42F2C1EB3B66C54FB3C7B79D30C1A6D ] C:\Windows\System32\netshell.dll
15:49:18.0172 4768 C:\Windows\System32\netshell.dll - ok
15:49:18.0172 4768 [ E7368F0A8D19445EAF5C5D0DBB8B8DAB ] C:\Windows\System32\AltTab.dll
15:49:18.0172 4768 C:\Windows\System32\AltTab.dll - ok
15:49:18.0172 4768 [ C8FDF0FA9E97E2FAAF3F814716AAA881 ] C:\Windows\System32\WPDShServiceObj.dll
15:49:18.0172 4768 C:\Windows\System32\WPDShServiceObj.dll - ok
15:49:18.0172 4768 [ 10F815BE90A66AAFC6C713D1BD626064 ] C:\Windows\System32\pnidui.dll
15:49:18.0172 4768 C:\Windows\System32\pnidui.dll - ok
15:49:18.0172 4768 [ B9F0A4020AA98B7A20287BF7FE99A1FD ] C:\Windows\System32\QUTIL.DLL
15:49:18.0172 4768 C:\Windows\System32\QUTIL.DLL - ok
15:49:18.0187 4768 [ 847D3AE376C0817161A14A82C8922A9E ] C:\Windows\System32\netman.dll
15:49:18.0187 4768 C:\Windows\System32\netman.dll - ok
15:49:18.0187 4768 [ D2155709E336C3BC15729EB87FEC6064 ] C:\Windows\System32\rasdlg.dll
15:49:18.0187 4768 C:\Windows\System32\rasdlg.dll - ok
15:49:18.0187 4768 [ 2DF29664ED261F0FC448E58F338F0671 ] C:\Windows\System32\mprapi.dll
15:49:18.0187 4768 C:\Windows\System32\mprapi.dll - ok
15:49:18.0187 4768 [ 234AFA322624B3203A2E720F08292B03 ] C:\Windows\System32\cscobj.dll
15:49:18.0187 4768 C:\Windows\System32\cscobj.dll - ok
15:49:18.0187 4768 [ F9AFD12BB4B1CFA5FCC0A5B37C604FD2 ] C:\Windows\System32\dot3api.dll
15:49:18.0187 4768 C:\Windows\System32\dot3api.dll - ok
15:49:18.0187 4768 [ 0D753307D274F3688BD21C377B616700 ] C:\Windows\System32\eappcfg.dll
15:49:18.0187 4768 C:\Windows\System32\eappcfg.dll - ok
15:49:18.0187 4768 [ 73FCB7919DEE80EE556F2E498594EBAE ] C:\Windows\System32\onex.dll
15:49:18.0187 4768 C:\Windows\System32\onex.dll - ok
15:49:18.0187 4768 [ 357BE883C5236BFC7341CB9E82308908 ] C:\Windows\System32\wlanapi.dll
15:49:18.0187 4768 C:\Windows\System32\wlanapi.dll - ok
15:49:18.0203 4768 [ E4FCA0F99A41E460C84016DEFD31E6EF ] C:\Windows\System32\wlanhlp.dll
15:49:18.0203 4768 C:\Windows\System32\wlanhlp.dll - ok
15:49:18.0203 4768 [ 7F1B4C6FF3B85F9ADF74055187B8A22C ] C:\Windows\System32\wlanutil.dll
15:49:18.0203 4768 C:\Windows\System32\wlanutil.dll - ok
15:49:18.0203 4768 [ 65522E77A1360DBC8D199DA3BF5EFFE4 ] C:\Windows\System32\eappprxy.dll
15:49:18.0203 4768 C:\Windows\System32\eappprxy.dll - ok
15:49:18.0203 4768 [ 6699A112A3BDC9B52338512894EBA9D6 ] C:\Program Files\Windows Media Player\wmpnscfg.exe
15:49:18.0203 4768 C:\Program Files\Windows Media Player\wmpnscfg.exe - ok
15:49:18.0203 4768 [ 5DA219F57A9076FB6FBD3C9C3713A672 ] C:\Windows\System32\WWanAPI.dll
15:49:18.0203 4768 C:\Windows\System32\WWanAPI.dll - ok
15:49:18.0203 4768 [ 62C7AACC746C9723468A8F2169ED3E85 ] C:\Windows\System32\wwapi.dll
15:49:18.0203 4768 C:\Windows\System32\wwapi.dll - ok
15:49:18.0203 4768 [ C7494C67A6BF6FE914808E42F8265FEF ] C:\Program Files\Windows Media Player\wmpnssci.dll
15:49:18.0203 4768 C:\Program Files\Windows Media Player\wmpnssci.dll - ok
15:49:18.0203 4768 [ 6B851E682A36453E1B1EE297FFB6E2AB ] C:\Windows\System32\QAGENT.DLL
15:49:18.0203 4768 C:\Windows\System32\QAGENT.DLL - ok
15:49:18.0203 4768 [ A9F3BFC9345F49614D5859EC95B9E994 ] C:\Program Files\Windows Media Player\wmpnetwk.exe
15:49:18.0203 4768 C:\Program Files\Windows Media Player\wmpnetwk.exe - ok
15:49:18.0219 4768 [ 8569E35D00F45972E506502EEE622BA4 ] C:\Windows\System32\srchadmin.dll
15:49:18.0219 4768 C:\Windows\System32\srchadmin.dll - ok
15:49:18.0219 4768 [ 2C1055E2C6D42753241FB2A129136994 ] C:\Windows\System32\drmv2clt.dll
15:49:18.0219 4768 C:\Windows\System32\drmv2clt.dll - ok
15:49:18.0219 4768 [ 423982DD851406A52B6399DDB196C606 ] C:\Windows\System32\wmdrmdev.dll
15:49:18.0219 4768 C:\Windows\System32\wmdrmdev.dll - ok
15:49:18.0219 4768 [ D7CEAEDD5F75D2C8A2E80887D7C114CE ] C:\Windows\System32\webcheck.dll
15:49:18.0219 4768 C:\Windows\System32\webcheck.dll - ok
15:49:18.0219 4768 [ F7A256EC899C72B4ECDD2C02CB592EFD ] C:\Windows\System32\bthprops.cpl
15:49:18.0219 4768 C:\Windows\System32\bthprops.cpl - ok
15:49:18.0219 4768 [ 97A891E2BF7FDA830BCFC6269DA3F5E9 ] C:\Windows\System32\blackbox.dll
15:49:18.0219 4768 C:\Windows\System32\blackbox.dll - ok
15:49:18.0219 4768 [ 101797BA603D227946B4B5109867EB19 ] C:\Windows\System32\SyncCenter.dll
15:49:18.0219 4768 C:\Windows\System32\SyncCenter.dll - ok
15:49:18.0219 4768 [ 96DB78C9C50CEED9DA5050EFFEE272A2 ] C:\Windows\System32\upnp.dll
15:49:18.0219 4768 C:\Windows\System32\upnp.dll - ok
15:49:18.0234 4768 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] C:\Windows\System32\ssdpsrv.dll
15:49:18.0234 4768 C:\Windows\System32\ssdpsrv.dll - ok
15:49:18.0234 4768 [ 92DBF0A4C9239169010FC6E07859C82E ] C:\Windows\System32\ActionCenter.dll
15:49:18.0234 4768 C:\Windows\System32\ActionCenter.dll - ok
15:49:18.0234 4768 [ 6A5C1A8AC0B572679361026D0E900420 ] C:\Windows\System32\hgcpl.dll
15:49:18.0234 4768 C:\Windows\System32\hgcpl.dll - ok
15:49:18.0234 4768 [ 0438CAB2E03F4FB61455A7956026FE86 ] C:\Windows\System32\fdPHost.dll
15:49:18.0234 4768 C:\Windows\System32\fdPHost.dll - ok
15:49:18.0234 4768 [ 171D7DB433314A868507C4326E8209DC ] C:\Windows\System32\fdWSD.dll
15:49:18.0234 4768 C:\Windows\System32\fdWSD.dll - ok
15:49:18.0234 4768 [ A2E5B2D20954210DCE1A75A1FC8CC36D ] C:\Windows\System32\fdSSDP.dll
15:49:18.0234 4768 C:\Windows\System32\fdSSDP.dll - ok
15:49:18.0234 4768 [ 2A436796758BF2555A26C770FE8A6FEE ] C:\Windows\System32\fdProxy.dll
15:49:18.0234 4768 C:\Windows\System32\fdProxy.dll - ok
15:49:18.0234 4768 [ EFDFB3DD38A4376F93E7985173813ABD ] C:\Windows\System32\ListSvc.dll
15:49:18.0234 4768 C:\Windows\System32\ListSvc.dll - ok
15:49:18.0250 4768 [ B6411CED931AFD059E48C52DBFBA95B4 ] C:\Windows\System32\P2P.dll
15:49:18.0250 4768 C:\Windows\System32\P2P.dll - ok
15:49:18.0250 4768 [ 92E0508D924512F63FFEEFE498CBD11F ] C:\Windows\System32\p2pcollab.dll
15:49:18.0250 4768 C:\Windows\System32\p2pcollab.dll - ok
15:49:18.0250 4768 [ 4A82EA2807B16FF577AEAF8ADB8779FF ] C:\Windows\System32\IdListen.dll
15:49:18.0250 4768 C:\Windows\System32\IdListen.dll - ok
15:49:18.0250 4768 [ 3EAC4455472CC2C97107B5291E0DCAFE ] C:\Windows\System32\pnrpsvc.dll
15:49:18.0250 4768 C:\Windows\System32\pnrpsvc.dll - ok
15:49:18.0250 4768 [ A0524499F4C63CADA7E1529FC77F5DC1 ] C:\Windows\System32\hgprint.dll
15:49:18.0250 4768 C:\Windows\System32\hgprint.dll - ok
15:49:18.0250 4768 [ 1EB82516F21F27EED1833B4F9FD9614E ] C:\Windows\System32\wmp.dll
15:49:18.0250 4768 C:\Windows\System32\wmp.dll - ok
15:49:18.0250 4768 [ E19AD0D49BFF5938B3E374873AC174DE ] C:\Windows\System32\wmploc.DLL
15:49:18.0250 4768 C:\Windows\System32\wmploc.DLL - ok
15:49:18.0250 4768 [ 582AC6D9873E31DFA28A4547270862DD ] C:\Windows\System32\QAGENTRT.DLL
15:49:18.0250 4768 C:\Windows\System32\QAGENTRT.DLL - ok
15:49:18.0265 4768 [ 506A83A3BEEE9FCA09F0170DE9FC7D1B ] C:\Windows\System32\fveui.dll
15:49:18.0265 4768 C:\Windows\System32\fveui.dll - ok
15:49:18.0265 4768 [ 927463ECB02179F88E4B9A17568C63C3 ] C:\Windows\System32\p2psvc.dll
15:49:18.0265 4768 C:\Windows\System32\p2psvc.dll - ok
15:49:18.0484 4768 ============================================================
15:49:18.0484 4768 Scan finished
15:49:18.0484 4768 ============================================================
15:49:18.0499 4760 Detected object count: 1
15:49:18.0499 4760 Actual detected object count: 1
16:12:05.0717 4760 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - skipped by user
16:12:05.0717 4760 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:17.0976 2828 Deinitialize success


========




aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-29 16:19:42
-----------------------------
16:19:42.457 OS Version: Windows x64 6.1.7601 Service Pack 1
16:19:42.457 Number of processors: 4 586 0x2A07
16:19:42.457 ComputerName: VOSTRO260 UserName: Janet
16:19:43.955 Initialize success
16:21:47.569 AVAST engine defs: 13012901
16:22:25.415 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:22:25.415 Disk 0 Vendor: ST500DM002-1BD142 KC45 Size: 476940MB BusType: 3
16:22:25.446 Disk 0 MBR read successfully
16:22:25.446 Disk 0 MBR scan
16:22:25.461 Disk 0 Windows VISTA default MBR code
16:22:25.461 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
16:22:25.477 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 23232 MB offset 81920
16:22:25.493 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 103004 MB offset 47661056
16:22:25.508 Disk 0 Partition - 00 0F Extended LBA 350662 MB offset 258615296
16:22:25.524 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 350661 MB offset 258617344
16:22:25.586 Disk 0 scanning C:\Windows\system32\drivers
16:22:39.798 Service scanning
16:23:05.834 Modules scanning
16:23:05.834 Disk 0 trace - called modules:
16:23:05.865 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys
16:23:05.865 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d2c060]
16:23:05.865 3 CLASSPNP.SYS[fffff880019c743f] -> nt!IofCallDriver -> [0xfffffa8004743520]
16:23:05.865 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004898060]
16:23:08.174 AVAST engine scan C:\Windows
16:23:13.946 AVAST engine scan C:\Windows\system32
16:27:35.293 AVAST engine scan C:\Windows\system32\drivers
16:27:55.262 AVAST engine scan C:\Users\Janet
16:32:17.857 File: C:\Users\Janet\AppData\Local\Temp\CGXMTJHJZ.exe **INFECTED** Win32:Sirefef-AVP [Trj]
16:32:30.415 File: C:\Users\Janet\AppData\Local\Temp\G45BT.exe **INFECTED** Win32:Malware-gen
16:35:30.907 File: C:\Users\Janet\AppData\Local\Temp\msimg32.dll **INFECTED** Win32:Sirefef-AVP [Trj]
16:35:46.601 File: C:\Users\Janet\AppData\Local\Temp\~!#F198.tmp **INFECTED** Win32:Malware-gen
16:35:46.679 File: C:\Users\Janet\AppData\Local\Temp\~!#F7B2.tmp **INFECTED** Win32:Kryptik-LBO [Trj]
16:39:56.264 AVAST engine scan C:\ProgramData
16:43:06.584 Scan finished successfully
17:42:21.799 Disk 0 MBR has been saved successfully to "C:\Users\Janet\Desktop\MBR.dat"
17:42:21.799 The log file has been saved successfully to "C:\Users\Janet\Desktop\aswMBR.txt"


Computer seems to be working OK

#11 gringo_pr


Posted 29 January 2013 - 09:51 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#12 LMoseley


Posted 30 January 2013 - 12:13 AM

OTL ran with no problems. LOG:

OTL logfile created on: 1/30/2013 12:02:23 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Janet\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.62 Gb Available Physical Memory | 66.96% Memory free
7.83 Gb Paging File | 6.46 Gb Available in Paging File | 82.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.59 Gb Total Space | 64.35 Gb Free Space | 63.97% Space Free | Partition Type: NTFS
Drive D: | 342.44 Gb Total Space | 312.38 Gb Free Space | 91.22% Space Free | Partition Type: NTFS

Computer Name: VOSTRO260 | User Name: Janet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Janet\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Eazy-Ware\ezSched.exe (AJSystems.com Inc.)
PRC - C:\Program Files (x86)\FreeBar\FreeBar.exe (Colin Finck)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\07ea9ea39e1fddc8e4fe8850c849309e\System.WorkflowServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\1e04a5319c58010e945220af2751d34e\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\25cfdeaf091f16f3f3a7123a91a179ab\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\3e79256ce40faa9682f9e3511ca115ea\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ad51da1b752b19c992fcefd56eb7c01\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\219c68f83fa608b496b163fd6782e696\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\eb33bf977e97e97b12e82c18e36fbaee\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0ac577a8ad6528ff03b50db5eeeac8be\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
MOD - c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll ()
MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()


========== Services (SafeList) ==========

SRV:64bit: - (Amsp) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe File not found
SRV:64bit: - (WinVNC4) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
SRV - (DellDigitalDelivery) -- c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Products, LP.)
SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (vncmirror) -- C:\Windows\SysNative\drivers\vncmirror.sys (RealVNC Ltd.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (tmwfp) -- C:\Windows\SysNative\drivers\tmwfp.sys (Trend Micro Inc.)
DRV:64bit: - (tmlwf) -- C:\Windows\SysNative\drivers\tmlwf.sys (Trend Micro Inc.)
DRV:64bit: - (tmcomm) -- C:\Windows\SysNative\drivers\tmcomm.sys (Trend Micro Inc.)
DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\drivers\tmtdi.sys (Trend Micro Inc.)
DRV:64bit: - (tmactmon) -- C:\Windows\SysNative\drivers\tmactmon.sys (Trend Micro Inc.)
DRV:64bit: - (tmevtmgr) -- C:\Windows\SysNative\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc60.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (SynthVid) -- C:\Windows\SysNative\drivers\VMBusVideoM.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{101BCE6B-9E05-49EC-82D6-E2A1B560E980}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{101BCE6B-9E05-49EC-82D6-E2A1B560E980}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDR&src=IE-SearchBox


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2814388528-3976898639-2671193800-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKU\S-1-5-21-2814388528-3976898639-2671193800-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USSMB/1
IE - HKU\S-1-5-21-2814388528-3976898639-2671193800-1000\..\SearchScopes,DefaultScope = {36377DD7-B3EB-42f5-986F-680BAF59BA9D}
IE - HKU\S-1-5-21-2814388528-3976898639-2671193800-1000\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://start.msn.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms}
IE - HKU\S-1-5-21-2814388528-3976898639-2671193800-1000\..\SearchScopes\{DF9B01C6-EE92-409E-BCB8-02AFB771972B}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-2814388528-3976898639-2671193800-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2814388528-3976898639-2671193800-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\firefoxextension\ [2012/06/29 16:45:07 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (GamesBarBHO Class) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files (x86)\GamesBar\2.0.1.82\oberontb.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2814388528-3976898639-2671193800-1000..\Run: [EazyScheduler] C:\Program Files (x86)\Eazy-Ware\ezSched.exe (AJSystems.com Inc.)
O4 - HKU\S-1-5-21-2814388528-3976898639-2671193800-1000..\Run: [FreeBar] C:\Program Files (x86)\FreeBar\FreeBar.exe (Colin Finck)
O4 - HKU\S-1-5-21-2814388528-3976898639-2671193800-1000..\Run: [SearchEngineProtection] C:\Program Files (x86)\Gamesbar\SearchEngineProtection.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D0EF3A1-BC94-40CB-96A9-6318530CBBEA}: NameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg32.dll (Trend Micro Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/30 00:00:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Janet\Desktop\OTL.exe
[2013/01/29 16:18:12 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Janet\Desktop\aswMBR.exe
[2013/01/29 15:38:06 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Janet\Desktop\tdsskiller.exe
[2013/01/29 09:23:57 | 000,000,000 | ---D | C] -- C:\Users\Janet\Desktop\RK_Quarantine
[2013/01/29 00:07:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/01/29 00:07:29 | 000,261,024 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/01/29 00:07:25 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/01/29 00:07:25 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/01/29 00:07:25 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/01/29 00:07:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/01/29 00:06:55 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/01/28 00:14:14 | 000,000,000 | ---D | C] -- C:\FRST
[2013/01/27 14:30:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/01/16 18:16:15 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013/01/16 18:16:15 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013/01/16 18:16:15 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013/01/16 18:16:14 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013/01/16 18:16:14 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
[2013/01/16 18:16:14 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013/01/16 18:16:13 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/01/16 18:16:13 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/01/16 18:16:13 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013/01/16 18:16:13 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013/01/16 18:16:13 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/01/16 18:16:13 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013/01/16 18:16:13 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/01/16 18:16:13 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013/01/16 18:16:13 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013/01/16 18:16:12 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/01/16 18:16:12 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/01/16 18:16:12 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013/01/16 18:16:12 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013/01/16 18:16:12 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013/01/16 18:16:12 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013/01/16 18:16:12 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013/01/16 18:16:12 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013/01/16 18:16:12 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013/01/16 18:16:12 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013/01/16 18:15:02 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/01/09 17:44:27 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/01/09 17:44:26 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/01/09 17:44:18 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/01/09 17:44:18 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/01/09 17:44:15 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013/01/09 17:44:15 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013/01/09 17:44:15 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013/01/09 17:44:15 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013/01/09 17:44:15 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013/01/09 17:44:15 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013/01/09 17:44:15 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013/01/09 17:44:15 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013/01/09 17:44:15 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013/01/09 17:44:15 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013/01/09 17:44:15 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013/01/09 17:44:15 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013/01/09 17:44:15 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013/01/09 17:44:15 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013/01/09 17:44:15 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013/01/09 17:44:15 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013/01/09 17:44:15 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013/01/09 17:44:15 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013/01/09 17:44:15 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013/01/09 17:44:15 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013/01/09 17:44:15 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013/01/09 17:44:15 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013/01/09 17:44:15 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013/01/09 17:44:15 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013/01/09 17:44:14 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013/01/09 17:44:14 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013/01/09 17:44:14 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013/01/09 17:44:14 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013/01/09 17:44:14 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013/01/09 17:44:14 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013/01/09 17:44:14 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013/01/09 17:44:14 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013/01/09 17:43:58 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/01/09 17:43:58 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/01/09 17:43:58 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/01/09 17:43:58 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/01/09 17:43:58 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/01/09 17:43:58 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/01/09 17:43:58 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/01/09 17:43:58 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/01/09 17:43:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/01/09 17:43:58 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 17:43:58 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 17:43:58 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 17:43:58 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 17:43:58 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/01/09 17:43:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 17:43:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 17:43:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 17:43:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 17:43:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 17:43:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 17:43:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 17:43:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 17:43:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 17:43:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 17:43:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 17:43:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 17:43:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 17:43:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 17:43:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 17:43:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 17:43:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 17:43:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 17:43:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 17:43:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 17:43:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 17:43:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 17:43:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 17:43:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 17:43:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 17:43:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 17:43:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 17:43:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 17:43:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 17:43:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 17:43:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 17:43:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 17:43:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 17:43:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 17:43:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 17:43:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 17:43:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 17:43:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 17:43:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 17:43:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 17:43:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 17:43:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 17:43:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 17:43:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 17:43:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 17:43:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 17:43:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 17:43:57 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/01/09 17:43:57 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/01/09 17:43:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 17:43:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 17:43:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 17:43:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 17:43:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 17:43:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/01/09 17:43:46 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe

========== Files - Modified Within 30 Days ==========

[2013/01/30 00:00:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Janet\Desktop\OTL.exe
[2013/01/29 23:59:53 | 000,000,494 | ---- | M] () -- C:\Users\Janet\Desktop\New variation of FBI MoneyPak Ransomware.website
[2013/01/29 23:59:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/29 23:59:21 | 3152,510,976 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/29 21:34:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/29 17:42:21 | 000,000,512 | ---- | M] () -- C:\Users\Janet\Desktop\MBR.dat
[2013/01/29 16:24:11 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/29 16:24:11 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/29 16:22:08 | 000,794,642 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/29 16:22:08 | 000,673,200 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/29 16:22:08 | 000,125,458 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/29 16:19:16 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Janet\Desktop\aswMBR.exe
[2013/01/29 15:38:10 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Janet\Desktop\tdsskiller.exe
[2013/01/29 09:15:05 | 000,768,512 | ---- | M] () -- C:\Users\Janet\Desktop\RogueKiller.exe
[2013/01/29 00:07:23 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/01/29 00:07:22 | 000,859,552 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/01/29 00:07:22 | 000,780,192 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/01/29 00:07:22 | 000,261,024 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/01/29 00:07:22 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/01/29 00:07:22 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/01/28 11:06:20 | 000,006,525 | ---- | M] () -- C:\Users\Janet\AppData\Local\7df37bbb-d535-4b6e-b266-713d456724b0.crx
[2013/01/10 18:20:49 | 000,464,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/10 18:03:40 | 000,790,620 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/08 19:34:30 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/01/08 19:34:30 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2013/01/29 17:42:21 | 000,000,512 | ---- | C] () -- C:\Users\Janet\Desktop\MBR.dat
[2013/01/29 09:29:07 | 000,768,512 | ---- | C] () -- C:\Users\Janet\Desktop\RogueKiller.exe
[2013/01/29 09:18:52 | 000,000,494 | ---- | C] () -- C:\Users\Janet\Desktop\New variation of FBI MoneyPak Ransomware.website
[2013/01/27 18:58:40 | 000,006,525 | ---- | C] () -- C:\Users\Janet\AppData\Local\7df37bbb-d535-4b6e-b266-713d456724b0.crx
[2012/12/16 16:18:15 | 000,004,096 | -H-- | C] () -- C:\Users\Janet\AppData\Local\keyfile3.drm
[2012/10/10 02:22:34 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/10/10 02:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/10/10 02:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/05/26 10:29:24 | 000,210,842 | ---- | C] () -- C:\Users\Janet\Pattillo 401(k) Enrollment Guide - Fidelity.pdf
[2012/05/02 08:59:55 | 000,027,212 | ---- | C] () -- C:\Users\Janet\AppData\Roaming\Personal Address Book.ADR
[2012/05/02 08:55:49 | 000,038,402 | ---- | C] () -- C:\Users\Janet\AppData\Roaming\Comma Separated Values (DOS).ADR
[2012/04/11 20:18:07 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/03/19 22:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/03/19 22:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/02/10 09:33:46 | 000,790,620 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-2814388528-3976898639-2671193800-1000\$7dfaa213426a315eda505d07d3f018d2\n.

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:3B3A302E

< End of report >

#13 gringo_pr

Posted 30 January 2013 - 12:35 AM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the text box.
    :Files
    ipconfig /flushdns /c
    C:\Users\Janet\AppData\Local\Temp\CGXMTJHJZ.exe
    C:\Users\Janet\AppData\Local\Temp\G45BT.exe
    C:\Users\Janet\AppData\Local\Temp\msimg32.dll
    C:\Users\Janet\AppData\Local\Temp\~!#F198.tmp
    C:\Users\Janet\AppData\Local\Temp\~!#F7B2.tmp
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    [reboot]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 LMoseley

Posted 30 January 2013 - 12:46 PM

The OTL Script was run. The status line at the bottom of OTL said that it had completed the processing. Reboot requested & allowed. However, no log file opened after the reboot. The OTL.Txt file on the desktop is the log for the first OTL run last night.

The computer seems to be working fine now.

Edited by LMoseley, 30 January 2013 - 11:48 PM.


#15 gringo_pr

Posted 31 January 2013 - 01:13 AM

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. Default settings are fine.
  • Click Run Cleaner.
  • Close CCleaner.

Run Malwarebytes

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Download HijackThis

  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on HijackThis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • Copy and paste the HijackThis report into the topic

"information and logs"

  • In your next post I need the following

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
